From: Ronald T. <ron...@ia...> - 2011-03-24 09:46:28
Hi,

I noted you're using Infineon FW 3.16. They have an issue with key certification: IFX TPMs prior to revision 3.17 calculate the signature over the entire TPM_STORE_PUBKEY structure instead of just the modulus, therefore it can't be validated. You could try a firmware update (available for some HP desktops (Windows), dc7900 afair).

TcRsaKey.certifyKey() should accommodate for the different structs. TpmCertifyKey2 seems only to be called if TPM_MIGRATEAUTHORITY is set as key flag...

Overall, it seems to be a tricky problem. ;) I'd suggest careful debugging across all the stack layers. There might be a small corner case hidden somewhere that we did not think of.

Ronald

On 03/23/2011 04:56 PM, Mudassar Aslam wrote:
> Hi
>
> Well, I tried to step in and found out that just before generating the NULL
> POINTER exception, the following exception occurred:
>
> java.lang.ClassCastException:
> iaik.tc.tss.api.structs.tpm.TcTpmCertifyInfo2 cannot be cast to
> iaik.tc.tss.api.structs.tpm.TcTpmCertifyInfo
>
> Gives me some reason to think that my key attributes are causing
> TcTpmCertifyInfo2 structure to be returned (see TSS note below). If I
> specify OTHER key attributes so that TcTpmCertifyInfo structure is
> returned then I might not get exception. Currently I am using
> following key attributes:
>
> public static final long BIND_KEY_ATTRIBUTES =
>         TcTssConstants.TSS_KEY_TYPE_BIND
>         |
>         TcTssConstants.TSS_KEY_SIZE_2048
>         |
>         TcTssConstants.TSS_KEY_VOLATILE
>         |
>         TcTssConstants.TSS_KEY_NOT_MIGRATABLE;
>
> Any suggestion on the possible key attributes combination?
>
> ***********************************************
> TCG SOFTWARE STACK (TSS) SPECIFICATION : PAGE 320
> ***********************************************
> pValidationData
> Pointer addresses a TSS_VALIDATION structure. After successful
> completion of the call the member rgbValidationData of this structure
> contains the signature data of the command. The member prgbData of the
> structure points to a buffer containing a TCPA_CERTIFY_INFO2 data
> stream as specified within the TCG TPM 1.2 Main Specification or a
> TCPA_CERTIFY_INFO data stream as specified within the TCG 1.1b Main
> Specification.
> TCPA_CERTIFY_INFO2: On TPM v1.2 with usage of CMK keys and keys
> with locality restrictions (TPM_KEY12 key complex).
> TCPA_CERTIFY_INFO: Is returned if the TSS is connected to a TPM v1.1 or
> the key which is used on a TPM v1.2 is a legacy one (PCR’s without
> locality
> -> TPM_KEY key complex).
>
> Regards.
>
> Mudassar Aslam

--
Dipl.-Ing. Ronald Tögl           phone +43 316/873-5502
Secure and Correct Systems       fax   +43 316/873-5520
IAIK                             ron...@ia...
Graz University of Technology    http://www.iaik.tugraz.at
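
Added example, not part of the original message and not jTSS code: a stand-alone check that tells a TPM_CERTIFY_INFO stream from a TPM_CERTIFY_INFO2 stream by its leading bytes instead of casting, and reports whether pubkeyDigest was computed over the modulus or over the whole TPM_STORE_PUBKEY. The class and method names are hypothetical, the field offsets follow the TPM 1.2 structure layout, the sample blob is constructed, and it is an assumption that the firmware behaviour described above shows up in the pubkeyDigest field.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;

public class CertifyInfoCheck { // hypothetical helper, not a jTSS class
    static final int TPM_TAG_CERTIFY_INFO2 = 0x0029; // TPM 1.2 structure tag

    // Tells the two layouts apart by their first two bytes instead of casting.
    static boolean isCertifyInfo2(byte[] blob) {
        return blob.length >= 2 && ((blob[0] & 0xFF) << 8 | (blob[1] & 0xFF)) == TPM_TAG_CERTIFY_INFO2;
    }

    // pubkeyDigest sits at the same offset in both layouts: a 4-byte header
    // (TPM_STRUCT_VER, or tag + fill + payloadType), keyUsage(2), keyFlags(4),
    // authDataUsage(1), then TPM_KEY_PARMS with a variable-length parms field.
    static byte[] pubkeyDigest(byte[] blob) {
        if (blob.length < 23) throw new IllegalArgumentException("truncated header");
        int parmSize = ByteBuffer.wrap(blob).getInt(19); // after algorithmID, encScheme, sigScheme
        if (parmSize < 0 || parmSize > blob.length - 23 - 20)
            throw new IllegalArgumentException("bad parmSize");
        return Arrays.copyOfRange(blob, 23 + parmSize, 23 + parmSize + 20);
    }

    // Returns which input was hashed (SHA-1) to produce pubkeyDigest.
    static String digestInput(byte[] blob, byte[] modulus) throws Exception {
        byte[] expected = pubkeyDigest(blob);
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        if (Arrays.equals(expected, sha1.digest(modulus))) return "modulus";
        sha1.update(ByteBuffer.allocate(4).putInt(modulus.length).array()); // keyLength prefix
        if (Arrays.equals(expected, sha1.digest(modulus))) return "TPM_STORE_PUBKEY";
        return "mismatch";
    }

    public static void main(String[] args) throws Exception {
        byte[] modulus = new byte[256];       // constructed stand-in for a 2048-bit modulus
        Arrays.fill(modulus, (byte) 0xA5);
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(new byte[] {0, 0, 1, 0}); // keyLength = 256, big-endian
        byte[] oldFwDigest = sha1.digest(modulus);
        // Constructed TPM_CERTIFY_INFO2 prefix: tag, fill, payloadType, keyUsage,
        // keyFlags, authDataUsage, algorithmID, encScheme, sigScheme, parmSize = 0.
        ByteBuffer blob = ByteBuffer.allocate(23 + 20);
        blob.putShort((short) TPM_TAG_CERTIFY_INFO2).put((byte) 0).put((byte) 1)
            .putShort((short) 0x14).putInt(0).put((byte) 1)
            .putInt(1).putShort((short) 3).putShort((short) 1).putInt(0).put(oldFwDigest);
        System.out.println("CERTIFY_INFO2: " + isCertifyInfo2(blob.array()));
        System.out.println("digest over:   " + digestInput(blob.array(), modulus));
    }
}
```

A verifier that accepts the "TPM_STORE_PUBKEY" result should record it, since it marks a key certified by a TPM that deviates from the specified digest input.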