[Trustedjava-support] Bug in CollateIdentity

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

There's a TSS/TPM mismatch in your implementation.  The pass in 
algorithm value for TcITpm.CollateIdentity is one of TSS_ALG_* per the 
software stack document, BUT the values in the encrypted 
TPM_IDENTITY_REQ (aka TcTpmIdentityReq) are supposed to be TPM_* values 
per part 2.  Specifically, identityReq.symAlgorithm.algorithmID is 
supposed to be of type TPM_ALGORITHM_ID and 
identityReq.symAlgorithm.encScheme is supposed to be of type 
TPM_ENC_SCHEME (one of TPM_ES_SYM_*).

Instead, it looks like the TSS_ALG_ value is being stored in the blob 
for the algorithmId.  I'm still trying to find out where the encScheme 
value of "21" is coming.

Continuing on this, CBC isn't a valid encryption scheme for AES keys 
according to 5.8.1 of part 2.  CTR or OFB appear to be required.

TPM_ES_SYM_CNT should probably be TPM_ES_SYM_CTR in 
iaik.tc.tss.api.constants.tpm.

Mike