Re: [Trustedjava-support] Bind with SunJCE RSAPublicKey-Unbind with JTSS problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Looking through the source of various objects, I added the
following code to the test to explicitly set the values in
the TcTpmBoundData object:

-----------
*TcTpmStructVer ver = new TcTpmStructVer();
ver.setMajor((short) 1);
ver.setMinor((short) 1);
ver.setRevMajor((short) 0);
ver.setRevMinor((short) 0);
TcTpmBoundData boundata = new TcTpmBoundData();
boundata.setVer(ver);
boundata.setPayload(TcTpmConstants.TPM_PT_BIND);
boundata.setPayloadData(TcBlobData.newByteArray(ciphertext));*

TcIEncData encdataobject =
	tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND);
encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
	TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB,
	*boundata.getEncoded()*);
bindkey.loadKey(srk);
TcBlobData ptobject = encdataobject.unbind(bindkey);
-----------

Unfortunately, the result is the same; same exception at the
same location in the code.  Hopefully, you'll provide some
direction, Ronald.  Thanks.

Arshad Noor
StrongAuth, Inc.

Arshad Noor wrote:
> Hi Ronald,
> 
> Thanks for the pointer, but I'm afraid I'm missing the connection.
> 
> I've reviewed the TCG Sec on tdTPM_BOUND_DATA and understand what
> the 1-pager says; but what I'm missing is how does the TcIEncData's
> unbind(TcIRsakey) method use it.  Your examples in the JUnit source
> do not use the TcTpmBoundData structure, so I'm missing the link.
> 
> While I understand that the bind() operation in TcIEncData probably
> creates the BoundData object internally and can therefore unbind it,
> I'm not sure how to pass the TcTpmBoundData structure to the
> TcIEncData object for the unbind() operation.  Perhaps a few lines
> of code will illuminate this better.
> 
> Thanks.
> 
> Arshad Noor
> StrongAuth, Inc.
> 
> Ronald Tögl wrote:
>> Hi,
>>
>> The data you bind must be encrypted in a tdTPM_BOUND_DATA structure, the 
>> definition of which can be found in the TPM specifications.
>>
>> Ronald
>>
>> Arshad Noor wrote:
>>> Hi,
>>>
>>> Recently started testing native JTSS 0.41.  All tests pass on my
>>> system (JDK6U15 64-bit on CentOS 5.3; TPM is an STM 1.2.4.30).
>>>
>>> When I try to encrypt data or a symmetric key (using SunJCE) with
>>> an RSAPublicKey (whose Bind Key was generated in the TPM) and
>>> decrypt the ciphertext with the Bind Key in the TPM, I run into
>>> the following exception consistently:
>>>
>>> ---------------------
>>> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>>>
>>> TSS Error:
>>> error layer:                0x00 (TPM)
>>> error code (without layer): 0x21
>>> error code (full):          0x21
>>> error message: The decryption process did not complete.
>>>
>>>          at 
>>> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73) 
>>>
>>>          at 
>>> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244) 
>>>
>>>          at 
>>> iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638)
>>>          at 
>>> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442) 
>>>
>>>          at 
>>> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766) 
>>>
>>>          at 
>>> iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:221)
>>>          at 
>>> jtss.BindDataWithJCEUnbindWithTPM.main(BindDataWithJCEUnbindWithTPM.java:97) 
>>>
>>> ---------------------
>>>
>>> I presume that it should be possible to do what I'm doing; I
>>> didn't see anything that might otherwise indicate that it was
>>> not possible.  Here is the relevant section of the code that
>>> I'm using; it is the unbind() method that causes the problem:
>>>
>>> ------------------------
>>> String plaintext = "To be....or not to be; that is the question!";
>>> Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
>>> cipher.init(Cipher.ENCRYPT_MODE, rsabindkey);
>>> byte[] ciphertext = cipher.doFinal(plaintext.getBytes());
>>> TcIEncData encdataobject =
>>>     tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND);
>>> encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
>>>     TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB,
>>>     TcBlobData.newByteArray(ciphertext));
>>> bindkey.loadKey(srk);
>>> TcBlobData ptobject = encdataobject.unbind(bindkey);
>>> ------------------------
>>>
>>> I get the same exception even if I use "NoPadding" in my
>>> cipher's transform.
>>>
>>> Thanks for your help.
>>>
>>> Arshad Noor
>>> StrongAuth, Inc.
>>>
>>>   
>>
> 
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
> trial. Simplify your report design, integration and deployment - and focus on 
> what you do best, core application coding. Discover what's new with 
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Trustedjava-support mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedjava-support