Menu
▾
▴
Re: [Trustedjava-support] Binding through public part of binding key
|
From: Ronald T. <ron...@ia...> - 2012-04-23 09:02:42
|
Hi Shakir,
The data must be stored in the appropriate TPM data structure before it
is encrypted.
The best will be to refer to the source code of jTT on how this is done.
Hoping to help,
Ronald
On 04/23/2012 06:58 AM, Shakir Ullah Shah wrote:
> I'm trying to bind some data using the public part of a binding key.
> I've exported the public part through:
>
> byte blob[] = null;
> try {
> File f = new File(BINDKEY_FILENAME);
> blob = new byte[(int) f.length()];
> FileInputStream fi = new FileInputStream(f);
> fi.read(blob);
> } catch (Exception e) {
> e.printStackTrace();
> }
>
> TcBlobData srkSecret = TcBlobData
> .newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
> long srkSecretMode = TcTssConstants.TSS_SECRET_MODE_SHA1;
>
> TcIRsaKey srk = context.loadKeyByUuidFromSystem(TcUuidFactory
> .getInstance().getUuidSRK());
>
> TcIPolicy srkPolicy = srk.getUsagePolicyObject();
> srkPolicy.setSecret(srkSecretMode, srkSecret);
> srkPolicy.assignToObject(srk);
>
> // create a TcBlobData using
> TcBlobData keyBlob = TcBlobData.newByteArray(blob);
>
> // load the key using this blob
> TcIRsaKey identityKey = context.loadKeyByBlob(srk, keyBlob);
>
> TcIRsaKey pubBindKey = identityKey;
> TcBlobData pubBindKeyBlob = pubBindKey.getAttribData(
> TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
> TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY);
>
> // write this pubBindKeyBlob to a file and send it to the challenger
> File f = new File(BINDKEY_PUB_FILENAME);
> byte[] pubKeyBytes = pubBindKeyBlob.asByteArray();
> System.out.println(pubKeyBytes);
> FileOutputStream fo = new FileOutputStream(f);
>
> fo.write(pubKeyBytes);
> fo.close();
>
>
> The encryption algorithm is the following:
>
>
> public static byte[] encrypt(byte[] text, RSAPublicKey key)
> throws Exception {
>
> byte[] cipherText = null;
> Cipher cipher = Cipher.getInstance("RSA");
> cipher.init(Cipher.ENCRYPT_MODE, key);
> cipherText = cipher.doFinal(text);
> return cipherText;
> }
>
> public static void main(String[] argv) {
> final String pubBindKeyFilename = "bac_bind_pub.key";
> String fileforEncryption = "inputFileforEncryption";
>
> // first get the pubBindKeyBlob from file (received from the
> target earlier)
> byte pubBindKey[] = null;
> byte bytefileEncryption[] = null;
> byte byteDataEncrypted[] = null;
>
> File f = new File(pubBindKeyFilename);
> pubBindKey = new byte[(int) f.length()];
> FileInputStream fi = new FileInputStream(f);
> fi.read(pubBindKey);
> TcBlobData pubBindKeyBlob = TcBlobData.newByteArray(pubBindKey);
> TcTpmPubkey pubBindKeyStruct = new TcTpmPubkey(pubBindKeyBlob);
> RSAPublicKey rsaPub = TcCrypto.pubTpmKeyToJava(pubBindKeyStruct);
>
> File ftemp = new File(fileforEncryption);
> bytefileEncryption = new byte[(int) ftemp.length()];
> FileInputStream fitemp = new FileInputStream(ftemp);
> fitemp.read(bytefileEncryption);
>
> byteDataEncrypted = encrypt(bytefileEncryption, rsaPub);
> String outFilename = "outputEncRsaFile";
>
> File f2 = new File(outFilename);
> FileOutputStream fo = new FileOutputStream(f2);
> fo.write(byteDataEncrypted);
> fo.close();
>
>
> I'm using jTpmTools to decrypt the data using the binding key. Here's
> the command for the decryption using jTpmTools:
>
> unbind -i /path/to/outputEncRsaFile -o
> /path/to/outputdecEncRsaFile -u 00000001-0002-0003-0405-9296a5ae537a
>
> The UUID is of the same binding key that I've exported. I'm getting
> the following exception though. I'm not sure what I'm doing wrong.
>
> 00:55:30:935 [INFO] Unbind::execute (123): Using default
> TSS_WELL_KNOWN_SECRET as key secret
> 00:55:31:078 [INFO] TcTcsEventMgrMem::<init> (44): Using "in
> memory" event log.
> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>
> TSS Error:
> error layer: 0x00 (TPM)
> error code (without layer): 0x21
> error code (full): 0x21
> error message: The decryption process did not complete.
>
> at
> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
> at
> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244)
> at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638)
> at
> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442)
> at
> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766)
> at iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:255)
> at iaik.tc.apps.jtt.data.Unbind.execute(Unbind.java:171)
> at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
> at
> iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
> at iaik.tc.apps.JTpmTools.main(JTpmTools.java:224)
>
> 00:55:31:561 [ERROR] JTpmTools::main (235): application exits
> with error:
>
> TSS Error:
> error layer: 0x00 (TPM)
> error code (without layer): 0x21
> error code (full): 0x21
> error message: The decryption process did not complete.
>
>
> Any help would be greatly appreciated.
>
>
>
> ------------------------------------------------------------------------------
> For Developers, A Lot Can Happen In A Second.
> Boundary is the first to Know...and Tell You.
> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
> http://p.sf.net/sfu/Boundary-d2dvs2
>
>
> _______________________________________________
> Trustedjava-support mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedjava-support
--
Dipl.-Ing. Ronald Tögl phone +43 316/873-5502
Secure and Correct Systems fax +43 316/873-5520
IAIK ron...@ia...
Graz University of Technology http://www.iaik.tugraz.at
|
