From: Arshad N. <ars...@st...> - 2009-09-10 01:58:52
|
Halleleujah! I figured it out. I, obviously, misunderstood your response, Ronald (although I will admit that your response was cryptic) :-) Once I pored through various source files, I was finally able to solve this. For those who are interested in the solution, here is the snippet of code that worked: --------------------- // Setup BoundData object String plaintext = "To be....or not to be; that is the question!"; TcTpmBoundData boundata = new TcTpmBoundData(); boundata.setVer(TcTpmStructVer.TPM_V1_1); boundata.setPayload(TcTpmConstants.TPM_PT_BIND); boundata.setPayloadData(TcBlobData.newByteArray(plaintext.getBytes("UTF-16LE"))); System.out.println("Original plaintext data: " + plaintext); // Encrypt with JCE Cipher and parameters OAEPParameterSpec oaepspec = new OAEPParameterSpec("SHA1", "MGF1", new MGF1ParameterSpec("SHA1"), new PSource.PSpecified("TCPA".getBytes("ASCII"))); Cipher cipher = ipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding"); cipher.init(Cipher.ENCRYPT_MODE, rsabindkey, oaepspec); byte[] ciphertext = cipher.doFinal(boundata.getEncoded().asByteArray()); System.out.println("Encrypted data: " + new String(Base64.encode(ciphertext))); // Setup EncData object for unbinding (decryption) TcIEncData encdataobject = tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND); encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB, TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB, TcBlobData.newByteArray(ciphertext)); // Load bind key (with the SRK reference to decrypt bindkey) bindkey.loadKey(srk); // Decrypt the data TcBlobData ptobject = encdataobject.unbind(bindkey); // Display the decrypted plaintext System.out.println("Decrypted data: " + ptobject.toString()); --------------------- Thanks for the pointer, Ronald. In the final analysis, it did lead me to the answer. This was fun! :-) Arshad Noor StrongAuth, Inc. Arshad Noor wrote: > Looking through the source of various objects, I added the > following code to the test to explicitly set the values in > the TcTpmBoundData object: > > ----------- > *TcTpmStructVer ver = new TcTpmStructVer(); > ver.setMajor((short) 1); > ver.setMinor((short) 1); > ver.setRevMajor((short) 0); > ver.setRevMinor((short) 0); > TcTpmBoundData boundata = new TcTpmBoundData(); > boundata.setVer(ver); > boundata.setPayload(TcTpmConstants.TPM_PT_BIND); > boundata.setPayloadData(TcBlobData.newByteArray(ciphertext));* > > TcIEncData encdataobject = > tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND); > encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB, > TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB, > *boundata.getEncoded()*); > bindkey.loadKey(srk); > TcBlobData ptobject = encdataobject.unbind(bindkey); > ----------- > > Unfortunately, the result is the same; same exception at the > same location in the code. Hopefully, you'll provide some > direction, Ronald. Thanks. > > Arshad Noor > StrongAuth, Inc. > > > Arshad Noor wrote: >> Hi Ronald, >> >> Thanks for the pointer, but I'm afraid I'm missing the connection. >> >> I've reviewed the TCG Sec on tdTPM_BOUND_DATA and understand what >> the 1-pager says; but what I'm missing is how does the TcIEncData's >> unbind(TcIRsakey) method use it. Your examples in the JUnit source >> do not use the TcTpmBoundData structure, so I'm missing the link. >> >> While I understand that the bind() operation in TcIEncData probably >> creates the BoundData object internally and can therefore unbind it, >> I'm not sure how to pass the TcTpmBoundData structure to the >> TcIEncData object for the unbind() operation. Perhaps a few lines >> of code will illuminate this better. >> >> Thanks. >> >> Arshad Noor >> StrongAuth, Inc. >> >> Ronald Tögl wrote: >>> Hi, >>> >>> The data you bind must be encrypted in a tdTPM_BOUND_DATA structure, the >>> definition of which can be found in the TPM specifications. >>> >>> Ronald >>> >>> Arshad Noor wrote: >>>> Hi, >>>> >>>> Recently started testing native JTSS 0.41. All tests pass on my >>>> system (JDK6U15 64-bit on CentOS 5.3; TPM is an STM 1.2.4.30). >>>> >>>> When I try to encrypt data or a symmetric key (using SunJCE) with >>>> an RSAPublicKey (whose Bind Key was generated in the TPM) and >>>> decrypt the ciphertext with the Bind Key in the TPM, I run into >>>> the following exception consistently: >>>> >>>> --------------------- >>>> iaik.tc.tss.api.exceptions.tcs.TcTpmException: >>>> >>>> TSS Error: >>>> error layer: 0x00 (TPM) >>>> error code (without layer): 0x21 >>>> error code (full): 0x21 >>>> error message: The decryption process did not complete. >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638) >>>> at >>>> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:221) >>>> at >>>> jtss.BindDataWithJCEUnbindWithTPM.main(BindDataWithJCEUnbindWithTPM.java:97) >>>> >>>> --------------------- >>>> >>>> I presume that it should be possible to do what I'm doing; I >>>> didn't see anything that might otherwise indicate that it was >>>> not possible. Here is the relevant section of the code that >>>> I'm using; it is the unbind() method that causes the problem: >>>> >>>> ------------------------ >>>> String plaintext = "To be....or not to be; that is the question!"; >>>> Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); >>>> cipher.init(Cipher.ENCRYPT_MODE, rsabindkey); >>>> byte[] ciphertext = cipher.doFinal(plaintext.getBytes()); >>>> TcIEncData encdataobject = >>>> tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND); >>>> encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB, >>>> TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB, >>>> TcBlobData.newByteArray(ciphertext)); >>>> bindkey.loadKey(srk); >>>> TcBlobData ptobject = encdataobject.unbind(bindkey); >>>> ------------------------ >>>> >>>> I get the same exception even if I use "NoPadding" in my >>>> cipher's transform. >>>> >>>> Thanks for your help. >>>> >>>> Arshad Noor >>>> StrongAuth, Inc. >>>> >>>> >> ------------------------------------------------------------------------------ >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day >> trial. Simplify your report design, integration and deployment - and focus on >> what you do best, core application coding. Discover what's new with >> Crystal Reports now. http://p.sf.net/sfu/bobj-july >> _______________________________________________ >> Trustedjava-support mailing list >> Tru...@li... >> https://lists.sourceforge.net/lists/listinfo/trustedjava-support > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Trustedjava-support mailing list > Tru...@li... > https://lists.sourceforge.net/lists/listinfo/trustedjava-support |