Menu
▾
▴
trustedjava-support — Trusted Java General Support
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(3) |
Jun
(4) |
Jul
(10) |
Aug
(6) |
Sep
(6) |
Oct
(5) |
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
|
Feb
(14) |
Mar
(25) |
Apr
(9) |
May
(10) |
Jun
(9) |
Jul
(33) |
Aug
(52) |
Sep
(15) |
Oct
(6) |
Nov
(4) |
Dec
(6) |
| 2008 |
Jan
(27) |
Feb
(3) |
Mar
(6) |
Apr
(7) |
May
(8) |
Jun
(4) |
Jul
(21) |
Aug
(8) |
Sep
(9) |
Oct
(6) |
Nov
(1) |
Dec
(1) |
| 2009 |
Jan
(1) |
Feb
(1) |
Mar
(10) |
Apr
(7) |
May
(8) |
Jun
(10) |
Jul
(11) |
Aug
(17) |
Sep
(13) |
Oct
(13) |
Nov
(1) |
Dec
(5) |
| 2010 |
Jan
(5) |
Feb
(9) |
Mar
(12) |
Apr
(4) |
May
(5) |
Jun
(3) |
Jul
(7) |
Aug
(7) |
Sep
(3) |
Oct
(12) |
Nov
(5) |
Dec
(2) |
| 2011 |
Jan
(9) |
Feb
(3) |
Mar
(24) |
Apr
(3) |
May
(1) |
Jun
|
Jul
(3) |
Aug
(8) |
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2012 |
Jan
(4) |
Feb
|
Mar
|
Apr
(3) |
May
(12) |
Jun
(7) |
Jul
(9) |
Aug
|
Sep
(14) |
Oct
(19) |
Nov
(4) |
Dec
|
| 2013 |
Jan
(1) |
Feb
(3) |
Mar
(1) |
Apr
(5) |
May
(3) |
Jun
(7) |
Jul
(6) |
Aug
(4) |
Sep
(1) |
Oct
|
Nov
|
Dec
(2) |
| 2014 |
Jan
|
Feb
(2) |
Mar
(3) |
Apr
(1) |
May
(1) |
Jun
(6) |
Jul
(14) |
Aug
(5) |
Sep
(7) |
Oct
(3) |
Nov
|
Dec
(1) |
| 2015 |
Jan
(3) |
Feb
|
Mar
(4) |
Apr
|
May
(1) |
Jun
(9) |
Jul
|
Aug
(1) |
Sep
|
Oct
(1) |
Nov
(4) |
Dec
(4) |
| 2016 |
Jan
|
Feb
(1) |
Mar
|
Apr
(1) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(1) |
Dec
|
| 2017 |
Jan
|
Feb
|
Mar
(2) |
Apr
(1) |
May
|
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
(1) |
Oct
(1) |
Nov
(1) |
Dec
(1) |
| 2018 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2020 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(4) |
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
(11) |
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(2) |
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2024 |
Jan
(1) |
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2025 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Thomas W. <tc...@to...> - 2007-07-04 18:59:20
|
Hello, > $ sh jtt.sh take_owner -o till [...] > LOG_DEBUG TSPI ../tcsd_api/clntside.c:102 Sending TSP packet to host > localhost. > LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1 > LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused > LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet > 18:18:04:207 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or > jTSS Wrapper not found. Trying IAIK jTSS. > 18:18:04:405 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS > configuration file for system persistent storage information. Disabling > system persistent storage. > 18:18:04:453 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. > Using local bindings... > 18:18:17:680 [INFO] TakeOwnership::execute (82): TakeOwnership > succeeded The above trace is telling me that you are using the full jTSS and not the wrapper. Taking the ownership succeeded. So far so good. > $ sh jtt.sh read_pubek -o till [...] > 18:18:37:943 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. > Using local bindings... > iaik.tc.tss.api.exceptions.tcs.TcTpmException: > > TSS Error: > error layer: 0x00 (TPM) > error code (without layer): 0x01 > error code (full): 0x01 > error message: Authentication failed This indeed is strange. Since you have supplied the same password as when taking ownership this should not fail. Back at the IAIK labs we had a machine with an STM 1.2 TPM and as far as I can recall everything worked as expected on that machine. bye, -- Thomas Winkler e-mail: tc...@to... |
|
From: Till B. <ti...@on...> - 2007-07-04 16:44:23
|
Hello,
I am new to this list so fist a hello to everyone.
Now my problem. :)
I just installed JTSS, jTpmTools and the wrapper. I then took ownership of
my TPM, which is a STM 1.2 on a Dell Optiplex GX620, using the following
command:
----
$ sh jtt.sh take_owner -o till
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs
jTSS, TCcert and XKMS
-----------------------------------
LOG_DEBUG TSPI ../tcsd_api/clntside.c:102 Sending TSP packet to host
localhost.
LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1
LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused
LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet
18:18:04:207 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS
Wrapper not found. Trying IAIK jTSS.
18:18:04:405 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS
configuration file for system persistent storage information. Disabling
system persistent storage.
18:18:04:453 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found.
Using local bindings...
18:18:17:680 [INFO] TakeOwnership::execute (82): TakeOwnership
succeeded
----
If I now try to read the pubek, I get the following error:
----
$ sh jtt.sh read_pubek -o till
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs
jTSS, TCcert and XKMS
-----------------------------------
LOG_DEBUG TSPI ../tcsd_api/clntside.c:102 Sending TSP packet to host
localhost.
LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1
LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused
LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet
18:18:37:697 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS
Wrapper not found. Trying IAIK jTSS.
18:18:37:897 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS
configuration file for system persistent storage information. Disabling
system persistent storage.
18:18:37:943 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found.
Using local bindings...
iaik.tc.tss.api.exceptions.tcs.TcTpmException:
TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x01
error code (full): 0x01
error message: Authentication failed
at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(Unknown
Source)
at
iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdEkHandling.TpmOwnerReadInternalPub(Unknown
Source)
at
iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.OwnerReadInternalPub(Unknown
Source)
at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipOwnerReadInternalPub(Unknown
Source)
at
iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipOwnerReadInternalPub(Unknown
Source)
at
iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspOwnerReadInternalPub_Internal
(TcTspInternal.java:3545)
at iaik.tc.tss.impl.java.tsp.TcTpm.getPubEndorsementKey(Unknown
Source)
at iaik.tc.tss.impl.java.tsp.TcTpm.getPubEndorsementKeyOwner(Unknown
Source)
at iaik.tc.apps.jtt.ek.ReadPublicEk.getEk(ReadPublicEk.java:47)
at iaik.tc.apps.jtt.ek.ReadPublicEk.execute(ReadPublicEk.java:67)
at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
at iaik.tc.utils.cmdline.SubCommandParser.parse(
SubCommandParser.java:41)
at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)
----
Any ideas?
Thanks a lot!
--
Regards
Till
**********************************************
Der Benutzer ist eine nicht zu
tolerierende Quelle der Unsicherheit
**********************************************
|
|
From: Thomas W. <tc...@to...> - 2007-06-21 12:17:17
|
Hi Group, I happend to get access to an HP machine featuring a Broadcom 1.2 TPM. Just out of curiosity i gave jTSS (not the wrapper) a try on this machine. I thought that it might be a good idea to share my experiences: - a manual TPM_Startup was required (not a problem of the TPM but most likely of the BIOS) - Broadcom TPMs really do come without EK. That means that it is up to the user to trigger EK creation. Luckily jTSS does support that out of the box (using TciTpm.createEndorsementKey). Calling that function worked as expected and an EK was created. - Subsequent TPM ownership command worked without problems - Boradcom TPMs are not all that fast: running the test suite as shipped with jTSS 0.1 took about 660 seconds - all test cases completed successfully All in all pretty nice result meaning that one more TPM can be added to the list of supported TPMs. Bye, -- Thomas Winkler e-mail: tc...@to... |
|
From: Saurabh A. <tan...@gm...> - 2007-06-20 11:58:04
|
Hi
> > On 6/15/07, Saurabh Arora <tan...@gm...> wrote:
> >>On 6/14/07, Thomas Winkler <tc...@to...> wrote:
> >>>>>>how can i convert a 160 bit string nonce to TcBlobData type in
> >>>>>>jTSSWrapper library ?
> >>>
> >>>The nonce you have is a Java String?
> >>>
> >>>In case you are using jTSS Wrapper < 0.3 use the following code:
> >>>
> >>>TcBlobData blob =
> >>>TcTssStructFactory.newBlobData().initStringASCII("yourNonce");
> >>>
> >>>In case you are using jTSS Wrapper 0.3 use the following code:
> >>>
> >>>TcBlobData blob = TcBlobData.newStringASCII("yourNonce");
> >>
> >>it worked.. but now i get another error :
> >>"nonce in quote does not match expected nonce"
> >>
> >>I want to do a quote operation using my "nonce".
> >>the sample (working) quote code uses :
> >>-------
> >>TcBlobData nonce = context_.getTpm().getRandom(
> >> TcTcpaDefines.TCPA_SHA1BASED_NONCE_LEN);
> >>-------
>
> So the sample code uses a nonce of 160bit / 20byte random data.
>
> >>now when i use :
> >>---------
> >>TcBlobData nonce =
> >>TcTssStructFactory.newBlobData().initString*("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
> >>---------
>
> It is still not clear what you actually want to achieve.
I simply want to use the nonce sent by another service rather than
random generated nonce.
>
> But lets consider 3 options and see what the actual content of 'nonce' is:
>
> TcBlobData nonce;
>
> nonce = TcTssStructFactory.newBlobData().initString("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
> System.out.println("1:\n"+Utils.byteArrayToHexString( nonce.asByteArray()));
>
> nonce = TcTssStructFactory.newBlobData().initStringASCII("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
> System.out.println("2:\n"+Utils.byteArrayToHexString( nonce.asByteArray()));
>
> byte[] barray = Utils.hexStringToByteArray("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
> nonce = TcTssStructFactory.newBlobData().initByteArray(barray);
> System.out.println("3:\n"+Utils.byteArrayToHexString( nonce.asByteArray()));
>
> output:
>
> 1:
> 35 00 31 00 36 00 65 00 62 00 62 00 38 00 36 00
> 66 00 65 00 31 00 64 00 63 00 32 00 34 00 63 00
> 36 00 30 00 39 00 39 00 64 00 32 00 31 00 32 00
> 66 00 66 00 39 00 37 00 31 00 62 00 36 00 31 00
> 62 00 30 00 66 00 35 00 31 00 33 00 37 00 61 00
> 2:
> 35 31 36 65 62 62 38 36 66 65 31 64 63 32 34 63
> 36 30 39 39 64 32 31 32 66 66 39 37 31 62 36 31
> 62 30 66 35 31 33 37 61
> 3:
> 51 6e bb 86 fe 1d c2 4c 60 99 d2 12 ff 97 1b 61
> b0 f5 13 7a
>
>
> >>it gives me the error while verifying the quoteblob(in the code) :
> >>--------
> >>
> >>TcTcpaQuoteInfo quoteInfo = new TcTcpaQuoteInfo(quoteBlob.getData());
> >> if (!quoteInfo.getExternalData().getEncoded().equals(expectedNonce)) {
> >> throw new TcException(
> >> "nonce in quote does not match expected nonce");
> >> }
>
> Now look at the output of
> System.out.println(
> Utils.byteArrayToHexString( quoteInfo.getExternalData().getEncoded().asByteArray())));
>
> what actually is returned, does that match your expectation?
>
interstingly, here i get the result :
35 31 36 65 62 62 38 36 66 65 31 64 63 32 34 63 36 30 39 39 64 32 31 32 66 66 39
which is incomplete result of above number 2 output.
but when i use TcTssValidation quoteBlob (as mentioned above) instead
of TcTcpaQuoteInfo quoteInfo, i get the complete match as output No. 2
i hv two questions :
- what is the low/high level difference between TcTcpaQuoteInfo and
TcTssValidation ?
- why are both output different ?
regards
Saurabh
|
|
From: Martin P. <Mar...@ia...> - 2007-06-18 13:15:38
|
Hi...
Saurabh Arora wrote:
> I wish this group was more active in co-operation.
Considering the number of downloads, yes, this list is surprisingly quiet.
But this may be because open source allows anyone to just "dive" into
the source and figure out why something is not working as expected.
No external dependencies, isn't that great?
> On 6/15/07, Saurabh Arora <tan...@gm...> wrote:
>>On 6/14/07, Thomas Winkler <tc...@to...> wrote:
>>>>>>how can i convert a 160 bit string nonce to TcBlobData type in
>>>>>>jTSSWrapper library ?
>>>
>>>The nonce you have is a Java String?
>>>
>>>In case you are using jTSS Wrapper < 0.3 use the following code:
>>>
>>>TcBlobData blob =
>>>TcTssStructFactory.newBlobData().initStringASCII("yourNonce");
>>>
>>>In case you are using jTSS Wrapper 0.3 use the following code:
>>>
>>>TcBlobData blob = TcBlobData.newStringASCII("yourNonce");
>>
>>it worked.. but now i get another error :
>>"nonce in quote does not match expected nonce"
>>
>>I want to do a quote operation using my "nonce".
>>the sample (working) quote code uses :
>>-------
>>TcBlobData nonce = context_.getTpm().getRandom(
>> TcTcpaDefines.TCPA_SHA1BASED_NONCE_LEN);
>>-------
So the sample code uses a nonce of 160bit / 20byte random data.
>>now when i use :
>>---------
>>TcBlobData nonce =
>>TcTssStructFactory.newBlobData().initString*("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
>>---------
It is still not clear what you actually want to achieve.
But lets consider 3 options and see what the actual content of 'nonce' is:
TcBlobData nonce;
nonce = TcTssStructFactory.newBlobData().initString("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
System.out.println("1:\n"+Utils.byteArrayToHexString( nonce.asByteArray()));
nonce = TcTssStructFactory.newBlobData().initStringASCII("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
System.out.println("2:\n"+Utils.byteArrayToHexString( nonce.asByteArray()));
byte[] barray = Utils.hexStringToByteArray("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
nonce = TcTssStructFactory.newBlobData().initByteArray(barray);
System.out.println("3:\n"+Utils.byteArrayToHexString( nonce.asByteArray()));
output:
1:
35 00 31 00 36 00 65 00 62 00 62 00 38 00 36 00
66 00 65 00 31 00 64 00 63 00 32 00 34 00 63 00
36 00 30 00 39 00 39 00 64 00 32 00 31 00 32 00
66 00 66 00 39 00 37 00 31 00 62 00 36 00 31 00
62 00 30 00 66 00 35 00 31 00 33 00 37 00 61 00
2:
35 31 36 65 62 62 38 36 66 65 31 64 63 32 34 63
36 30 39 39 64 32 31 32 66 66 39 37 31 62 36 31
62 30 66 35 31 33 37 61
3:
51 6e bb 86 fe 1d c2 4c 60 99 d2 12 ff 97 1b 61
b0 f5 13 7a
>>it gives me the error while verifying the quoteblob(in the code) :
>>--------
>>
>>TcTcpaQuoteInfo quoteInfo = new TcTcpaQuoteInfo(quoteBlob.getData());
>> if (!quoteInfo.getExternalData().getEncoded().equals(expectedNonce)) {
>> throw new TcException(
>> "nonce in quote does not match expected nonce");
>> }
Now look at the output of
System.out.println(
Utils.byteArrayToHexString( quoteInfo.getExternalData().getEncoded().asByteArray())));
what actually is returned, does that match your expectation?
HTH
--
Martin Pirker
IAIK, TU Graz
|
|
From: Saurabh A. <tan...@gm...> - 2007-06-18 08:37:15
|
I wish this group was more active in co-operation.
On 6/15/07, Saurabh Arora <tan...@gm...> wrote:
> Hi
>
> On 6/14/07, Thomas Winkler <tc...@to...> wrote:
> > Hi,
> >
> > > > > how can i convert a 160 bit string nonce to TcBlobData type in
> > > > > jTSSWrapper library ?
> >
> > The nonce you have is a Java String?
> >
> > In case you are using jTSS Wrapper < 0.3 use the following code:
> >
> > TcBlobData blob =
> > TcTssStructFactory.newBlobData().initStringASCII("yourNonce");
> >
> > In case you are using jTSS Wrapper 0.3 use the following code:
> >
> > TcBlobData blob = TcBlobData.newStringASCII("yourNonce");
> >
>
> it worked.. but now i get another error :
> "nonce in quote does not match expected nonce"
>
> I want to do a quote operation using my "nonce".
> the sample (working) quote code uses :
> -------
>
> TcBlobData nonce = context_.getTpm().getRandom(
> TcTcpaDefines.TCPA_SHA1BASED_NONCE_LEN);
> -------
>
> now when i use :
> ---------
> TcBlobData nonce =
> TcTssStructFactory.newBlobData().initString*("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
> ---------
>
> it gives me the error while verifying the quoteblob(in the code) :
> --------
>
> TcTcpaQuoteInfo quoteInfo = new TcTcpaQuoteInfo(quoteBlob.getData());
> if (!quoteInfo.getExternalData().getEncoded().equals(expectedNonce)) {
> throw new TcException(
> "nonce in quote does not match expected nonce");
> }
>
> --------
>
>
> ne pointers what is going wrong here ?
>
> regards
> Saurabh
>
|
|
From: Saurabh A. <tan...@gm...> - 2007-06-14 15:45:47
|
Hi
On 6/14/07, Thomas Winkler <tc...@to...> wrote:
> Hi,
>
> > > > how can i convert a 160 bit string nonce to TcBlobData type in
> > > > jTSSWrapper library ?
>
> The nonce you have is a Java String?
>
> In case you are using jTSS Wrapper < 0.3 use the following code:
>
> TcBlobData blob =
> TcTssStructFactory.newBlobData().initStringASCII("yourNonce");
>
> In case you are using jTSS Wrapper 0.3 use the following code:
>
> TcBlobData blob = TcBlobData.newStringASCII("yourNonce");
>
it worked.. but now i get another error :
"nonce in quote does not match expected nonce"
I want to do a quote operation using my "nonce".
the sample (working) quote code uses :
-------
TcBlobData nonce = context_.getTpm().getRandom(
TcTcpaDefines.TCPA_SHA1BASED_NONCE_LEN);
-------
now when i use :
---------
TcBlobData nonce =
TcTssStructFactory.newBlobData().initString*("516ebb86fe1dc24c6099d212ff971b61b0f5137a");
---------
it gives me the error while verifying the quoteblob(in the code) :
--------
TcTcpaQuoteInfo quoteInfo = new TcTcpaQuoteInfo(quoteBlob.getData());
if (!quoteInfo.getExternalData().getEncoded().equals(expectedNonce)) {
throw new TcException(
"nonce in quote does not match expected nonce");
}
--------
ne pointers what is going wrong here ?
regards
Saurabh
|
|
From: Thomas W. <tc...@to...> - 2007-06-14 05:43:47
|
Hi,
> > > how can i convert a 160 bit string nonce to TcBlobData type in
> > > jTSSWrapper library ?
The nonce you have is a Java String?
In case you are using jTSS Wrapper < 0.3 use the following code:
TcBlobData blob =
TcTssStructFactory.newBlobData().initStringASCII("yourNonce");
In case you are using jTSS Wrapper 0.3 use the following code:
TcBlobData blob = TcBlobData.newStringASCII("yourNonce");
Nontice: The main difference between 0.3. and older versions here is that the
StructFactory was replaced by factory methods.
hth,
--
Thomas Winkler
e-mail: tc...@to...
|
|
From: Saurabh A. <tan...@gm...> - 2007-06-13 08:23:31
|
hi martin On 6/13/07, Martin Pirker <Mar...@ia...> wrote: > Saurabh Arora wrote: > > how can i convert a 160 bit string nonce to TcBlobData type in > > jTSSWrapper library ? > > > > i hv tried : > > initString* functions, and get the "nullpointer exception" error. > > Looking at the Javadoc: > http://trustedjava.sourceforge.net/jtss/javadoc_tsp/iaik/tc/tss/api/structs/common/TcBlobData.html > > There is only one method starting with "initString*", that is "initStringASCII". > As guessable from the name, it expects a String containing only ASCII chars. > > If you want to pass in a 160bit nonce binary blob the "newByteArray" method > may be your choice? > > i shud have mentioned.. i am using jTSSWrapper 0.2.5 and in this version there are many initString* functions. for few reasons i cannot port to 0.3 anytime soon. and hence my problem remains same. ne solution ? regards Saurabh |
|
From: Martin P. <Mar...@ia...> - 2007-06-13 08:01:09
|
Saurabh Arora wrote: > how can i convert a 160 bit string nonce to TcBlobData type in > jTSSWrapper library ? > > i hv tried : > initString* functions, and get the "nullpointer exception" error. Looking at the Javadoc: http://trustedjava.sourceforge.net/jtss/javadoc_tsp/iaik/tc/tss/api/structs/common/TcBlobData.html There is only one method starting with "initString*", that is "initStringASCII". As guessable from the name, it expects a String containing only ASCII chars. If you want to pass in a 160bit nonce binary blob the "newByteArray" method may be your choice? HTH -- Martin Pirker IAIK, TU Graz |
|
From: Saurabh A. <tan...@gm...> - 2007-06-13 03:06:00
|
Hi how can i convert a 160 bit string nonce to TcBlobData type in jTSSWrapper library ? i hv tried : initString* functions, and get the "nullpointer exception" error. regards Saurabh |
|
From: Thomas W. <tc...@to...> - 2007-05-22 13:19:51
|
Hi, > I use JTSS and not JTSSWrapper and i tried to compile > iak.jtss.tsp.tests.jar in the tests subfolder: > > java -jar iaik.jtss.tsp.tests.jar Interesting. Where did you read that the tests can be run this way? First of all you do not have to "compile" a jar file. It already contains the compiled class files. Secondly, the section 5 of the jTSS readme reads: "[...] Additionally to the provided JavaDoc, some example code demonstrating the basic usage of IAIK jTSS is included in the src/jtss_tsp/src_tests subfolder. It contains a set of jUnit test cases which can be used as a basis for own developments. A precompiled version of this test code is located in the tests subfolder. A shell script to run the tests is included. [...]" > What is the problem? Maybe i do something wrong, i don't know. Considering the readme snippet from above: Yes you probably are doing something wrong (reading documentation might help here....). Anyway - to get you going: * go into the tests folder * there you will find a run_tests.sh (and run_tests.cmd if you are using the other OS) * the tests require jUnit so you might have to adapt the script file (or under set the JUNIT_HOME environment variable when running on Linux) * start the script and if your TPM is accessible via the dev filesystem (or TBS on the other OS) then you should see the test output messages on your screen. hth && please read the docs next time, -- Thomas Winkler e-mail: tc...@to... |
|
From: francesca f. <fra...@ju...> - 2007-05-22 12:56:29
|
hi, I use JTSS and not JTSSWrapper and i tried to compile = iak.jtss.tsp.tests.jar in the tests subfolder: java -jar iaik.jtss.tsp.tests.jar but it said: Failed to load Main-Class manifest attribute from = iaik_jtss_tsp_tests.jar What is the problem? Maybe i do something wrong, i don't know. francesca |
|
From: Thomas W. <tc...@to...> - 2007-05-22 10:54:40
|
Hello, > i tried to use the script located in tests subfolder in the IAIK JTSS and i > modified it according to my enviroment, but it said that it didn't find the > TestMain You are using jTSS and not jTSS Wrapper, correct? > i tried to compile TestMain.java but it found a lot of error Both, jTSS and jTSS Wrapper come with pre-compiled java classes (contained in the jar libraries). There is no need to compile anything by hand. If you still want to do that: It is _very_ hard to guess what the problem is without any error trace... > What are the steps that i have to do to execute the examples? The steps are described in the included readme file. Regards, -- Thomas Winkler e-mail: tc...@to... |
|
From: Saurabh A. <tan...@gm...> - 2007-05-22 06:35:24
|
Hi Thomas On 5/20/07, Thomas Winkler <tc...@to...> wrote: > Hi, > > > trousers 0.2.9 > > jTSS 0.2.5 > > jTpmtools 0.2 > > Tccert 0.2.1.a > > Although you are not using the latest versions, this combination should be ok > (jTSS Wrapper 0.3 and friends mostly introduced changes to the API but did > not bring many substantial "under the hood" changes). > I have not tested your code but one thing you should double check is the > policy handling. Keep in mind that by default all TSP level object are > assigned to the default policy upon creation. By accident you might have used > the default policy for your objects (and reset the default policy secret at > some point) instead of creating and assigning individual policy objects. > I am using jtpmtools createaik code for creating/registering aik. so i dont play with policies there, i just provide owner,srk,aik secret in commandline with ASCII encoding and no null termination. and the loading key code is in front of you, which i think have same policies as in createaik code. and now ? regards Saurabh |
|
From: francesca f. <fra...@ju...> - 2007-05-21 21:08:51
|
Hi, i tried to use the script located in tests subfolder in the IAIK JTSS = and i modified it according to my enviroment, but it said that it didn't = find the TestMain i tried to compile TestMain.java but it found a lot of error What are the steps that i have to do to execute the examples? i want to understand if i have correctly installed the package. thanks, Francesca |
|
From: Thomas W. <tc...@to...> - 2007-05-19 19:38:24
|
Hi, > trousers 0.2.9 > jTSS 0.2.5 > jTpmtools 0.2 > Tccert 0.2.1.a Although you are not using the latest versions, this combination should be ok (jTSS Wrapper 0.3 and friends mostly introduced changes to the API but did not bring many substantial "under the hood" changes). I have not tested your code but one thing you should double check is the policy handling. Keep in mind that by default all TSP level object are assigned to the default policy upon creation. By accident you might have used the default policy for your objects (and reset the default policy secret at some point) instead of creating and assigning individual policy objects. bye, -- Thomas Winkler e-mail: tc...@to... |
|
From: Saurabh A. <tan...@gm...> - 2007-05-18 19:38:36
|
hi trousers 0.2.9 jTSS 0.2.5 jTpmtools 0.2 Tccert 0.2.1.a regards saurabh On 5/19/07, Saurabh Arora <tan...@gm...> wrote: > hi > > trousers 0.2.9 > jTSS 0.2.5 > jTpmtools 0.2 > Tccert 0.2.1.a > > > regards > saurabh > > > On 5/18/07, Thomas Winkler <tc...@to...> wrote: > > Hi, > > > > Could you please specify which version of TrouSerS and jTSS Wrapper you are > > using? > > > > Thanks, > > -- > > Thomas Winkler > > e-mail: tc...@to... > > > |
|
From: Saurabh A. <tan...@gm...> - 2007-05-18 19:38:01
|
On 5/18/07, Thomas Winkler <tc...@to...> wrote: > Hi, > > Could you please specify which version of TrouSerS and jTSS Wrapper you are > using? > > Thanks, > -- > Thomas Winkler > e-mail: tc...@to... > |
|
From: Thomas W. <tc...@to...> - 2007-05-18 13:03:47
|
Hi, Could you please specify which version of TrouSerS and jTSS Wrapper you are using? Thanks, -- Thomas Winkler e-mail: tc...@to... |
|
From: Saurabh A. <tan...@gm...> - 2007-05-16 07:34:50
|
Hi
I am trying to do a Quote operation.
when i create the aik key and use it for quote it works for me. But
when i try to load the Aik key from persistent storage, i am unable to
do a successful quote operation.
following is the code i am using :
LoadAik_and_Do_Quote() {
/***** srk - loading policies, setting secret ******/
TcBlobData srkSecret =
TcTssStructFactory.newBlobData().initString("tanish", false, "ASCII");
long srkSecretMode = TcTssDefines.TSS_SECRET_MODE_PLAIN;
TcIRsaKey srk =
context_.loadKeyByUuidFromSystem(TcUuidFactory.getInstance().getUuidSRK());
TcIPolicy srkPolicy = srk.getUsagePolicy(); /* default policy */
srkPolicy.setSecret(srkSecretMode, srkSecret);
/***** aik - setting policies,secret ******/
TcBlobData aikSecret =
TcTssStructFactory.newBlobData().initString("password", false,
"ASCII");
long aikSecretMode = TcTssDefines.TSS_SECRET_MODE_PLAIN;
TcIPolicy aikUsgPolicy =
context_.createPolicyObject(TcTssDefines.TSS_POLICY_USAGE);
/***** UUID to be called from storage : 1.2.3.4.5.010203040505 ******/
TcTssUuid aikUuid = null;
short array[] = {1,2,3,4,5,5};
aikUuid = TcTssStructFactory.newUuid().init(1, 2, 3, (short) 4,
(short) 5,array);
TcIRsaKey aikKey_ =
context_.getKeyByUuid(TcTssDefines.TSS_PS_TYPE_SYSTEM, aikUuid);
aikUsgPolicy.assignToObject(aikKey_);
TcIPolicy aikPolicy = aikKey_.getUsagePolicy();
aikUsgPolicy.setSecret(aikSecretMode,aikSecret);
aikKey_.loadKey(srk);
/******* quote ************/
TcIPcrComposite pcrs = context_.createPcrCompositeObject(0);
for (int i = 0; i < pcrList.length; i++) {
pcrs.selectPcrIndex(pcrList[i]);
}
TcTssValidation validation = TcTssStructFactory.newValidation();
validation.setExternalData(nonce);
// do the quote and return the resulting blob
validation = tpm.quote(aikKey_, pcrs, validation); // <----- Error line
}
==================================================
I get the following error :
TSPI call error:
error code: 0x01
error message: TPM layer: Authentication failed
at iaik.tss.impl.jni.TcBaseObject.handleRetCode(TcBaseObject.java:102)
at iaik.tss.impl.jni.TcTpm.quote(TcTpm.java:482)
at "Error line"
==================================================
i using correct passwords for srk and aik.
What may be going wrong ??
regards
Saurabh
|
|
From: Saurabh A. <tan...@gm...> - 2007-04-25 14:42:01
|
Hi Thomas On 4/20/07, Thomas Winkler <tho...@ia...> wrote: > Hello, > > > Now I want to vaildate/verify the quote and I am worried > > whether I can really do that without Trousers/JTSS support ?? > > Yes - you can do that. > For quote validation you do not need a TPM and hence no TrouSerS of > jTSS. You can do it all in software. But, thats exactly i am trying to do. I want to verify quote without using trousers/jTSS on a non-tpm machine. but quote outputs me TcTssValidation type quoteBlob, TcTcpaPubkey public key and TcBlobData type nonce. and if i cant cast them under normal types in other platforms , would mean that you can not do quote verification without trousers ? saurabh |
|
From: Saurabh A. <tan...@gm...> - 2007-04-25 14:30:55
|
Hi On 4/25/07, Nektarios Ioannides <ine...@gm...> wrote: > Hello, > > Yes, I understand. Well the reason I wanted to do that was because I was > trying to "simulate" the signing of the PCR-values with an AIK by copying > the PCR-values given by the "pcr_read" jTPMTools command and manually > copying them into a text file and then signing that textfile with some key ! > Since the textfile is just an ordinary data file only the storage key seemed > to work. (right?) you want to sign PCR values, i assume you would not need to sign all 16/24 PCRs.. only required ones. so better not convert it into text file. and specify the pcr-index you want to use in tpm_quote operation. > > Assuming I am... is there a way to sign the ACTUAL PCR-values from the TPM > with an AIK that I have created? Does this already exist somewhere in the > jTSSWrapper source code? this process is tpm_quote and yes it exist in trustedjava suite. For tpm_quote, look at the junit tests which comes with the jTssWrapper package. it has a testquote.java file. > > The reason I am asking all these questions is that ultimately, I would like > to be able to implement a small java application in which a Client manages > to attest its self to a Challenger before the Challenger allows it to > perform some other operation. That is, I would like to perform a full > Attestation procedure (or as full as it is currently possible). > > If I'm not mistaken, from what I've understood from the jTSSWrapper source > code, when creating an AIK key, some steps of an Attestation procedure are > included as well. (i.e. the "create_aik" command from jTPMTools does not > only create an AIK key pair but also assumes that a PrivacyCA has certified > the AIK as well. Is this correct? yes. instead of assuming, it simulates a PrivacyCA and do that. i would recommend you to look the source code of jTpmtools package, which is inside the respective jar file. codes are well documented and self explanatory. you will get the answer of all your ques. > > Since I am interested in performing an attestation procedure, I would also > need to know, Is there a way to extract the Storage Measurement Log (SML) > from the TPM through jTSSWrapper code? i do not think there is any method to do that. but if you are using Linux-IMA kernel you can easily check the measurement list. > > Also is the AIK certificate that has been signed by the PrivacyCA (and will > have to be verified by the Challenger afterwards) the aik-uuid<some > numbers>.cert file that appears on disk after I run a successful > "create_aik" command? > yes. file creation on disk is the last step in the above command implementation. somewhile ago, i was at the same position where you are. I made a java app, which is running on top of JTSS libraries, and to complete the attestation procedure, i used the following steps: - call aik_create with appropriate values(aik,owner,srk passwords , ini files) - after the aik_keys are activated, i use them to quote desired PCR values. -------------- best saurabh |
|
From: Nektarios I. <ine...@gm...> - 2007-04-25 10:57:14
|
Hello, Yes, I understand. Well the reason I wanted to do that was because I was trying to "simulate" the signing of the PCR-values with an AIK by copying the PCR-values given by the "pcr_read" jTPMTools command and manually copying them into a text file and then signing that textfile with some key ! Since the textfile is just an ordinary data file only the storage key seemed to work. (right?) Assuming I am... is there a way to sign the ACTUAL PCR-values from the TPM with an AIK that I have created? Does this already exist somewhere in the jTSSWrapper source code? The reason I am asking all these questions is that ultimately, I would like to be able to implement a small java application in which a Client manages to attest its self to a Challenger before the Challenger allows it to perform some other operation. That is, I would like to perform a full Attestation procedure (or as full as it is currently possible). If I'm not mistaken, from what I've understood from the jTSSWrapper source code, when creating an AIK key, some steps of an Attestation procedure are included as well. (i.e. the "create_aik" command from jTPMTools does not only create an AIK key pair but also assumes that a PrivacyCA has certified the AIK as well. Is this correct? Since I am interested in performing an attestation procedure, I would also need to know, Is there a way to extract the Storage Measurement Log (SML) from the TPM through jTSSWrapper code? Also is the AIK certificate that has been signed by the PrivacyCA (and will have to be verified by the Challenger afterwards) the aik-uuid<some numbers>.cert file that appears on disk after I run a successful "create_aik" command? Finally, is there an API / Documentation for jTSSWrapper ? It would be really useful for me and less annoying for you... :-) In any case, many thanks once again, Nektarios P.S Is the TPM_QUOTE command implemented somewhere in jTSSWrapper? I have found some references to it in the source code but was not quite sure as to what I was looking at was such an implementation or not... On 23/04/07, Thomas Winkler <tho...@ia...> wrote: > > Hello, > > > However, now I would like to do something "useful" with an AIK instead > > of a "storage" or "legacy" type key. That is, be able to either "bind" > > or "seal" some data ( e.g. some textfile) using an AIK I have created > > previously. > > Short answer: You can't. > > Longer answer: An AIK can only be used for TPM Quote and CertifyKey > operations. You can not use an AIK to e.g. bind or seal data. That is > not some arbitrary limitation imposed by the TSS or jTSS implementations > but that is the way the TPM works. For more details please have a look > at the TPM specification. > > Regards, > Thomas Winkler > > |
|
From: Thomas W. <tho...@ia...> - 2007-04-23 05:27:15
|
Hello, > However, now I would like to do something "useful" with an AIK instead > of a "storage" or "legacy" type key. That is, be able to either "bind" > or "seal" some data ( e.g. some textfile) using an AIK I have created > previously. Short answer: You can't. Longer answer: An AIK can only be used for TPM Quote and CertifyKey operations. You can not use an AIK to e.g. bind or seal data. That is not some arbitrary limitation imposed by the TSS or jTSS implementations but that is the way the TPM works. For more details please have a look at the TPM specification. Regards, Thomas Winkler |
87 messages has been excluded from this view by a project administrator.
