trustedjava-support — Trusted Java General Support

Re: [Trustedjava-support] TPM Disabled

[<Hon...@cs...>]

Hi Adam,

Check the motherboard's BIOS setup to see if there are settings relating =
to TPM.  They might help.

Hon Hwang.

[Trustedjava-support] TPM Disabled

[Demonic S. <dem...@gm...>]

Hello,

I am working with a TPM 1.2 chip (Infineon 9635).  I was wondering if
anyone has been recieving a "TPM disabled" error message while running
trousers.  I am using the tpm_tis kernel module, primarily because I
can not get the tpm_infineon kernel module to load on my system.  On
an aside, when I try to load the tpm_infineon k. module, the kernel
does not associate the loaded module with my tpm.  I am using FC5,
Linux Kernel 2.6.18, and I load the module with: 'modprobe tpm_tis
force=1 interrupts=0', which forces the module to load and disables
the interrupts.  My system Mainboard is a MSI K8NGM2-NBP with an AMD
64X2 processor.

When I start trousers, I do the self test and that will execute with
no problem, but any other commands (e.g. tpm_takeownership, tpm_clear,
etc.) will result in the following error:
  Tspi_TPM_ClearOwner failed: 0x00000007 - layer=tpm, code=0007 (7),
TPM is disabled

Below is the context of the message:
# tpm_takeownership
Enter owner password:
Confirm password:
Enter SRK password:
Confirm password:
LOG_DEBUG TSPI ../tcsd_api/clntside.c:58 Sending TSP packet to host localhost.
LOG_DEBUG TSPI ../tcsd_api/clntside.c:74 Connecting to 127.0.0.1
LOG_DEBUG TSPI ../tcsd_api/tcstp.c:277 TCS_OpenContext_RPC_TP:
Received TCS Context: 0xa0881e09
LOG_DEBUG TSPI ../tcsd_api/tcstp.c:2904 TCSP_ReadPubek_TP: TCS
Context: 0xa0881e09
Tspi_TPM_TakeOwnership failed: 0x00000007 - layer=tpm, code=0007 (7),
TPM is disabled
LOG_DEBUG TSPI ../tcsd_api/tcstp.c:355 TCS_CloseContext_TP: TCS
Context: 0xa0881e09

Thanks in advance,

Adam

[Trustedjava-support] TPM Disabled

[Adam P. <Ada...@gm...>]

Hello,

I am working with a TPM 1.2 chip (Infineon 9635).  I was wondering if
anyone has been recieving a "TPM disabled" error message while running
trousers.  I am using the tpm_tis kernel module, primarily because I
can not get the tpm_infineon kernel module to load on my system.  On
an aside, when I try to load the tpm_infineon k. module, the kernel
does not associate the loaded module with my tpm.  I am using FC5,
Linux Kernel 2.6.18, and I load the module with: 'modprobe tpm_tis
force=1 interrupts=0', which forces the module to load and disables
the interrupts.  My system Mainboard is a MSI K8NGM2-NBP with an AMD
64X2 processor.

When I start trousers, I do the self test and that will execute with
no problem, but any other commands (e.g. tpm_takeownership, tpm_clear,
etc.) will result in the following error:
   Tspi_TPM_ClearOwner failed: 0x00000007 - layer=tpm, code=0007 (7),
TPM is disabled

Below is the context of the message:
# tpm_takeownership
Enter owner password:
Confirm password:
Enter SRK password:
Confirm password:
LOG_DEBUG TSPI ../tcsd_api/clntside.c:58 Sending TSP packet to host localhost.
LOG_DEBUG TSPI ../tcsd_api/clntside.c:74 Connecting to 127.0.0.1
LOG_DEBUG TSPI ../tcsd_api/tcstp.c:277 TCS_OpenContext_RPC_TP:
Received TCS Context: 0xa0881e09
LOG_DEBUG TSPI ../tcsd_api/tcstp.c:2904 TCSP_ReadPubek_TP: TCS
Context: 0xa0881e09
Tspi_TPM_TakeOwnership failed: 0x00000007 - layer=tpm, code=0007 (7),
TPM is disabled
LOG_DEBUG TSPI ../tcsd_api/tcstp.c:355 TCS_CloseContext_TP: TCS
Context: 0xa0881e09

Thanks in advance,

Adam

[Trustedjava-support] IAIK/OpenTC Java TSS Wrapper 0.2.4 released

[Thomas W. <tho...@ia...>]

Dear Mailing-List Members,

The trusted computing team of IAIK hereby announces the immediate 
availability of the IAIK/OpenTC Java TSS Wrapper 0.2.4.

The Java TSS Wrapper provides an object oriented Java API for 
interaction with the TCG Software Stack (TSS) for Java applications. 
Version 0.2.4 is a maintenance release. Compared to version 0.2.3 the 
following changes have been integrated (for more information please 
refer to the changelog provided in the download package):

- adaptions for TrouSerS 0.2.8
This release of the jTSS Wrapper has been updated to work with 
TrouSerS 0.2.8.	This includes changes of the TSS_VALIDATION struct 
(according to TSS Header file Errata 1) as well as modifications for 
changed behavior of getAttribData when reading public key blobs.
Please note that jTSS Wrapper 0.2.4 requires TrouSerS 0.2.8 to function 
properly. It will not work with older TrouSerS version. Furthermore, 
TrouSerS versions older than 0.2.8 should not be used with jTSS Wrapper 
0.2.4.

- update of symmetric encryption for identity creation
The symmetric encryption used in the process of AIK creation has been 
changed in TrouSerS 0.2.8. Instead of ECB, now CBC is used as mode of 
operation.

- string encoding
Based on discussions in the TSS-WG, the default string encoding has been 
changed from UTF-16 to UTF-16LE. This change is expected to be part of 
an upcoming TSS 1.2 errata document.

- tested TPMs and TSSs
This release has been tested with TrouSerS 0.2.8 on the following TPMs: 
TPM Emulator 0.4 (and newer CVS versions), Infineon 1.1b TPM (SLD 9630 
TT 1.1). Additional tests have been done with a modified TrouSerS 0.2.8 
(with IFX 1.2 patch) on Infineon 1.2 TPMs (SLB 9635 TT 1.2).

Documentation and source code are available at the Sourceforge website 
at: http://trustedjava.sourceforge.net
Comments, questions and feature requests are always welcome.

Regards,
Thomas Winkler
IAIK, TU Graz

[Trustedjava-support] Infineon TPM 1.2 DUAL Patch for TrouSerS 0.2.8

[Thomas W. <tho...@ia...>]

The trusted computing team of IAIK hereby announces the immediate 
availability of the Infineon TPM 1.2 DUAL Patch for TrouSerS 0.2.8.

This patch is intended to make the TrouSerS TSS (which currently only 
supports v 1.1b TPMs) run on Infineon 1.2 TPMs (SLB 9635 TT 1.2). TPM 
Spec. 1.2 deprecates numerous commands which therefore are no longer 
implemented in Infineon 1.2 TPMs.

This patch is a forward-port of the original patch for TrouSerS 0.2.6. 
Additionally, it includes the following new features:

- The patch now contains TPM version detection. Therefore, a patched 
TrouSerS works on both - 1.1b and Infineon 1.2 TPMs.
The TPM version detection is performed on a 'per context' basis which 
means that different context objects can be connected to different TPMs 
(i.e. different core services running on different TPMs).

- Workaround for TPM Emulator: TPM Emulator from ETH Zuerich claims to 
be a 1.2 TPM but does not fully implement LoadKey2. The patched TrouSerS 
contains a workaround to function properly when running on TPM Emulator.

- Data sealing now works: Infineon 1.2 TPMs seem to expect an instance 
of TPM_PCR_INFO_LONG instead of TPM_PCR_INFO as pcrInfo parameter in the 
TPM_Seal command (at least if all 24 PCRs should be used).

- Tspi_Context_LoadKeyByBlob now works on 1.2 TPMs (removed keyslot from 
auth data of LoadKey2 command)

This patch is EXPERIMENTAL software! It is provided "as is" and WITHOUT 
ANY WARRANTY.

Documentation and source code are available at the Sourceforge website 
at: http://trustedjava.sourceforge.net
Comments, questions and feature requests are always welcome.

Regards,
Thomas Winkler
IAIK, TU Graz

[Trustedjava-support] tpm-tools application TPM_TakeOwnership function problem

[Volkan E. <vol...@ue...>]

Hi,

Is there someone who tested the tpm-tools version 1.2.4 application
released at sf.net? While I was testing it, I saw that when the PC is
rebooted the ownership information such as the owner and SRK password is
reset. We use the tpm_emulator and trousers as application environment.

Any ideas?

Thanks.

Volkan.

--=20
Volkan Erol
TUBITAK - Ulusal Elektronik ve Kriptoloji Arastirma Enstitusu (UEKAE)
Arastirmaci - Tasarim ve Gelistirme Muhendisligi Sorumlusu
TUBITAK - National Research Institute of Electronics & Cryptology (NRIEC)
Researcher - Software Design and Development Engineer

Tel./Phone: +90 262 679 50 00 Dahili/Ext. 7524
Mail: vol...@ue...

Re: [Trustedjava-support] Another problem when running tests

[Carolin L. <car...@un...>]

Hi Thomas,

thanks for the hint on how to use a clean setup. You were right. Now, I
am able to reproduce the problem using my C program. Perhaps it has to
do with the new version of the TPM emulator (I used version 0.3 before
installing jTSS).

Bye
Carolin

Thomas Winkler wrote:
> Hi Carolin,
>
>   
>> when I first clear the owner, using the clearOwner method of the TcITpm
>> class, a new owner can be set. But where does the wrapper store the
>> information whether a TPM has already been owned or not? I think, there
>> has to be a file on my HD. I thought, it has to be in the system.data
>> file in /var/tpm/, but deleting this file and reloading the module does
>> not help...
>>     
>
> Nor the wrapper nor the TSS stores if the TPM is already owned. The TPM
> itself knows if ownership is already taken or not. The file
> /usr/local/var/lib/tpm/system.data is the persistent system storage of
> the TrouSerS TSS.
> If you are using TPM emulator, there is another file representing the
> internal state of the TPM. It's default location is /var/tpm. The file
> name starts with tpm_emulator (the exact name depends on the version of
> the emulator you are using). Note that this file might not exist until
> you unload the emulator module. Upon unloading the emulator writes it's
> internal state to this file.
> So - if you want to start with a clean setup: Unload the emulator, make
> sure /var/tpm is empty and also delete the system.data file of TrouSerS
> (note that there also might be a ~/.trousers/user.data file from
> TrouSerS 0.2.7 onwards). Then load them emulator and start TrouSerS.
>
> The "Authentication failed" message you mentioned in your last mail is a
> known issue but the reasons for it are currently unclear. This seems to
> occur if the TSS/TPM is put under stress (i.e. it occasionally happens
> if you are running sequences with many TPM operations but it does not
> happen when executing them one by one). The problem has been reported to
> Kent Yoder (TrouSerS maintainer) and was confirmed by him. A solution is
> currently not known.
> I personally do not think that it is a problem of the jTSS wrapper
> because one can also trigger this behaviour when using TrouSerS with
> plain C test programs.
>
> Regards,
> Thomas Winkler
> IAIK, TU Graz, Austria
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Trustedjava-support mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedjava-support
>   

[Trustedjava-support] java.security.PublicKey conversion found

[<Hon...@cs...>]

Hi all,

Apologies for my last e-mail: I've found the way to convert =
java.security.PublicKey to TclRsaKey in TestIdentityCreation.java

Sorry.

Hon Hwang.

[Trustedjava-support] java.security.PublicKey to TclRsaKey

[<Hon...@cs...>]

Hi all,

Just wondering whether it is possible to convert java.security.PublicKey =
(JRE's built in key management class) into TclRsaKey (or TcRsaKey) of =
jTssWrapper?

Thanks.

Hon Hwang.

Re: [Trustedjava-support] Another problem when running tests

[Thomas W. <tho...@ia...>]

Hi Carolin,

> when I first clear the owner, using the clearOwner method of the TcITpm
> class, a new owner can be set. But where does the wrapper store the
> information whether a TPM has already been owned or not? I think, there
> has to be a file on my HD. I thought, it has to be in the system.data
> file in /var/tpm/, but deleting this file and reloading the module does
> not help...

Nor the wrapper nor the TSS stores if the TPM is already owned. The TPM
itself knows if ownership is already taken or not. The file
/usr/local/var/lib/tpm/system.data is the persistent system storage of
the TrouSerS TSS.
If you are using TPM emulator, there is another file representing the
internal state of the TPM. It's default location is /var/tpm. The file
name starts with tpm_emulator (the exact name depends on the version of
the emulator you are using). Note that this file might not exist until
you unload the emulator module. Upon unloading the emulator writes it's
internal state to this file.
So - if you want to start with a clean setup: Unload the emulator, make
sure /var/tpm is empty and also delete the system.data file of TrouSerS
(note that there also might be a ~/.trousers/user.data file from
TrouSerS 0.2.7 onwards). Then load them emulator and start TrouSerS.

The "Authentication failed" message you mentioned in your last mail is a
known issue but the reasons for it are currently unclear. This seems to
occur if the TSS/TPM is put under stress (i.e. it occasionally happens
if you are running sequences with many TPM operations but it does not
happen when executing them one by one). The problem has been reported to
Kent Yoder (TrouSerS maintainer) and was confirmed by him. A solution is
currently not known.
I personally do not think that it is a problem of the jTSS wrapper
because one can also trigger this behaviour when using TrouSerS with
plain C test programs.

Regards,
Thomas Winkler
IAIK, TU Graz, Austria

Re: [Trustedjava-support] Another problem when running tests

[Carolin L. <car...@un...>]

Hi,

when I first clear the owner, using the clearOwner method of the TcITpm
class, a new owner can be set. But where does the wrapper store the
information whether a TPM has already been owned or not? I think, there
has to be a file on my HD. I thought, it has to be in the system.data
file in /var/tpm/, but deleting this file and reloading the module does
not help...

regards
Carolin



Carolin Latze wrote:
> Hi,
>
> I installed sun java 1.5 which solved my previous problem, but now, I
> have another one:
>
> diufpc266 jTssWrapperPBuilt_0.2.2 # make run_tests
> LD_LIBRARY_PATH=output/lib
> CLASSPATH=output/jars/internal_jtss_wrapper.jar:outpu
> t/jars/iaik_jtss_wrapper.jar:output/jars/iaik_jtss_wrapper_test.jar:/usr/share/j
> unit/lib/junit.jar  java iaik.tss.test.junit.TestMain
> .9:04:56:259 [INFO] TestTakeOwnership::testTakeOwnership (70):  TPM
> ownership al
> ready taken
> ...................9:04:58:100 [INFO] TestTpm::testCreateEK (104):     
> createEn
> dorsementKey command is disabled
> ....9:04:58:294 [INFO] TestTpm::testCertifySelfTest (284):     
> TPM_ORD_CertifyS
> elfTest is not supported by this TPM
> .................
> .....TSPI call error:
>   error code:    0x1
>   error message: TPM layer: Authentication failed
>         at
> iaik.tss.impl.jni.TcBaseObject.handleRetCode(TcBaseObject.java:98)
>         at iaik.tss.impl.jni.TcRsaKey.certifyKey(TcRsaKey.java:234)
>         at
> iaik.tss.test.junit.TestKeys.testCertifyKeyWithoutNonce(TestKeys.java
> :460)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
> java:39)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
> sorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at junit.framework.TestCase.runTest(TestCase.java:154)
>         at junit.framework.TestCase.runBare(TestCase.java:127)
>         at junit.framework.TestResult$1.protect(TestResult.java:106)
>         at junit.framework.TestResult.runProtected(TestResult.java:124)
>         at junit.framework.TestResult.run(TestResult.java:109)
>         at junit.framework.TestCase.run(TestCase.java:118)
>         at junit.framework.TestSuite.runTest(TestSuite.java:208)
>         at junit.framework.TestSuite.run(TestSuite.java:203)
>         at junit.framework.TestSuite.runTest(TestSuite.java:208)
>         at junit.framework.TestSuite.run(TestSuite.java:203)
>         at junit.textui.TestRunner.doRun(TestRunner.java:116)
>         at junit.textui.TestRunner.doRun(TestRunner.java:109)
>         at junit.textui.TestRunner.run(TestRunner.java:72)
>         at iaik.tss.test.junit.TestMain.allTests(TestMain.java:46)
>         at iaik.tss.test.junit.TestMain.main(TestMain.java:71)
> F.....
> Time: 34.878
> There was 1 failure:
> 1)
> testCertifyKeyWithoutNonce(iaik.tss.test.junit.TestKeys)junit.framework.AssertionFailedError:
> certify key (without nonce) failed
>         at
> iaik.tss.test.junit.TestKeys.testCertifyKeyWithoutNonce(TestKeys.java:463)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at iaik.tss.test.junit.TestMain.allTests(TestMain.java:46)
>         at iaik.tss.test.junit.TestMain.main(TestMain.java:71)
>
> FAILURES!!!
> Tests run: 51,  Failures: 1,  Errors: 0
>
> I run it as root with TPM emulator version 0.4 and trousers version 0.2.7.
>
> Furthermore I do no understand, why jTss says, that the ownership has
> been already taken when I start the emulator with the "startup=clear"
> option...I think this should not happen...
>
> Bye
> Carolin
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Trustedjava-support mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedjava-support
>   

[Trustedjava-support] Another problem when running tests

[Carolin L. <car...@un...>]

Hi,

I installed sun java 1.5 which solved my previous problem, but now, I
have another one:

diufpc266 jTssWrapperPBuilt_0.2.2 # make run_tests
LD_LIBRARY_PATH=output/lib
CLASSPATH=output/jars/internal_jtss_wrapper.jar:outpu
t/jars/iaik_jtss_wrapper.jar:output/jars/iaik_jtss_wrapper_test.jar:/usr/share/j
unit/lib/junit.jar  java iaik.tss.test.junit.TestMain
.9:04:56:259 [INFO] TestTakeOwnership::testTakeOwnership (70):  TPM
ownership al
ready taken
...................9:04:58:100 [INFO] TestTpm::testCreateEK (104):     
createEn
dorsementKey command is disabled
....9:04:58:294 [INFO] TestTpm::testCertifySelfTest (284):     
TPM_ORD_CertifyS
elfTest is not supported by this TPM
.................
.....TSPI call error:
  error code:    0x1
  error message: TPM layer: Authentication failed
        at
iaik.tss.impl.jni.TcBaseObject.handleRetCode(TcBaseObject.java:98)
        at iaik.tss.impl.jni.TcRsaKey.certifyKey(TcRsaKey.java:234)
        at
iaik.tss.test.junit.TestKeys.testCertifyKeyWithoutNonce(TestKeys.java
:460)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at junit.framework.TestCase.runTest(TestCase.java:154)
        at junit.framework.TestCase.runBare(TestCase.java:127)
        at junit.framework.TestResult$1.protect(TestResult.java:106)
        at junit.framework.TestResult.runProtected(TestResult.java:124)
        at junit.framework.TestResult.run(TestResult.java:109)
        at junit.framework.TestCase.run(TestCase.java:118)
        at junit.framework.TestSuite.runTest(TestSuite.java:208)
        at junit.framework.TestSuite.run(TestSuite.java:203)
        at junit.framework.TestSuite.runTest(TestSuite.java:208)
        at junit.framework.TestSuite.run(TestSuite.java:203)
        at junit.textui.TestRunner.doRun(TestRunner.java:116)
        at junit.textui.TestRunner.doRun(TestRunner.java:109)
        at junit.textui.TestRunner.run(TestRunner.java:72)
        at iaik.tss.test.junit.TestMain.allTests(TestMain.java:46)
        at iaik.tss.test.junit.TestMain.main(TestMain.java:71)
F.....
Time: 34.878
There was 1 failure:
1)
testCertifyKeyWithoutNonce(iaik.tss.test.junit.TestKeys)junit.framework.AssertionFailedError:
certify key (without nonce) failed
        at
iaik.tss.test.junit.TestKeys.testCertifyKeyWithoutNonce(TestKeys.java:463)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at iaik.tss.test.junit.TestMain.allTests(TestMain.java:46)
        at iaik.tss.test.junit.TestMain.main(TestMain.java:71)

FAILURES!!!
Tests run: 51,  Failures: 1,  Errors: 0

I run it as root with TPM emulator version 0.4 and trousers version 0.2.7.

Furthermore I do no understand, why jTss says, that the ownership has
been already taken when I start the emulator with the "startup=clear"
option...I think this should not happen...

Bye
Carolin

Re: [Trustedjava-support] Problem when running tests

[Martin P. <Mar...@ia...>]

Carolin Latze wrote:
> Exception in thread "main" java.lang.UnsupportedClassVersionError:
> iaik/tss/test/junit/TestMain (Unsupported major.minor version 49.0)

Incompatible Java .class files.

jTss Documentation says Java 1.4 and only 1.5 for AIK, but I guess
this time the build was done with 1.5.

Bringing down required Java version for both jTSS and TCcert is an
issue being worked on, meanwhile please try with Java 1.5

HTH,
Martin Pirker
IAIK, TU Graz, Austria

[Trustedjava-support] Problem when running tests

[Carolin L. <car...@un...>]

Hi,

when I try to run the Junit tests using "make run_tests", I get the
following result:

diufpc266 jTssWrapperPBuilt_0.2.2 # make run_tests
LD_LIBRARY_PATH=output/lib
CLASSPATH=output/jars/internal_jtss_wrapper.jar:output/jars/iaik_jtss_wrapper.jar:output/jars/iaik_jtss_wrapper_test.jar:/usr/share/junit/lib/junit.jar 
java iaik.tss.test.junit.TestMain
Exception in thread "main" java.lang.UnsupportedClassVersionError:
iaik/tss/test/junit/TestMain (Unsupported major.minor version 49.0)
        at java.lang.ClassLoader.defineClass0(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:539)
        at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:251)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:55)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:194)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:187)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
make: *** [run_tests] Error 1
diufpc266 jTssWrapperPBuilt_0.2.2 #

I use the TPM emulator, version 0.4 and trousers version 0.2.7. When I
use the original tss methods to access the TPM, everything is fine. I
have done already several tests with the TPM. I think, this is a special
Java TSS problem. Has anybody an idea how to help me?

Regards
Carolin

Re: [Trustedjava-support] jTssWraper under Windows OS

[Martin P. <Mar...@ia...>]

Hi...

marbouh med wrote:
> Thank you Thomas for your help

Thomas is currently not available, so I will try...

> I don't know if there is someone who managed to do that. In fact I  still
> facing a problem when compiling the file "tspiwrapper_wrap.c" to generate my dll.
> You have mentioned the makefile in your post but I can't do it since
 > I'm not very experienced in Linux.

I'm not sure what you are refering to.

If you still want to run jTSS under Windows, Thomas described the
theoretical path to it, but as far as I know nobody tried this yet,
meaning if you want to walk this way you are on your own.
Maybe keep an ear on the Trousers mailing list and if someone brave
succeeds in a Windows port of Trousers then jTSS would be an interesting
thing to try next.

If you want to run jTSS under Linux, first get a working setup of Trousers,
then read the jTSS README and follow the installation steps.

When you get stuck and don't know what to do next, please report with more
detail what does not work - "still facing a problem" does not explain
what problem you are having.

Regards,
Martin Pirker
IAIK, TU Graz, Austria

Re: [Trustedjava-support] jTssWraper under Windows OS

[marbouh m. <med...@ya...>]

Hello,
Thank you Thomas for your help

I don't know if there is someone who managed to do that. In fact I still fa=
cing a problem when compiling the file "tspiwrapper_wrap.c" to generate my =
dll.

You have mentioned the makefile in your post but I can't do it since I'm no=
t very experienced in Linux.

Can you help me pleaze!

Mom

----- Message d'origine ----
De : tru...@li...
=C0 : tru...@li...
Envoy=E9 le : Jeudi, 13 Juillet 2006, 9h02mn 29s
Objet : Trustedjava-support Digest, Vol 2, Issue 2

Send Trustedjava-support mailing list submissions to
    tru...@li...

To subscribe or unsubscribe via the World Wide Web,  visit
    https://lists.sourceforge.net/lists/listinfo/trustedjava-support
or, via email, send a message with subject or body 'help' to
    tru...@li...

You can reach the person managing the list at
    tru...@li...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Trustedjava-support digest..."


Today's Topics:

   1. Re: jTssWraper under Windows OS (Thomas Winkler)


----------------------------------------------------------------------

Message: 1
Date: Thu, 13 Jul 2006 08:19:48 +0200
From: Thomas Winkler <tho...@ia...>
Subject: Re: [Trustedjava-support] jTssWraper under Windows OS
To: marbouh med  <med...@ya...>
Cc: tru...@li...
Message-ID: <44B...@ia...>
Content-Type: text/plain; charset=3DISO-8859-1; format=3Dflowed

Hello,

> I would like to know if I can use jTssWrapper under Windows OS and how=20
> to do that if it is possible.

Yes, in theory this is possible. All you would have to do is to download=20
the pre-built version and recompile the libtspiwrapper shared library to=20
link against the TSPI library of your Windows TSS. This might require=20
some tweaking of the Makefile since it is tailored for Linux/Unix=20
environments but this should be doable.

The most challenging part might be to find a TSS for Windows. Ideally=20
your TPM vendor shipped such a stack together with your platform.=20
Alternatively, you could consider trying to port the open source=20
TrouSerS TSS (http://trousers.sf.net) to Windows. Aside from getting the=20
build system to work under Windows (I probably would try cygwin for=20
that) you would have to adopt the source code such that TrouSerS makes=20
use of the TDDL that was shipped together with your TPM.
There also have been some discussions on that issue on the TrouSerS=20
mailing list:=20
http://sourceforge.net/search/?ml_name=3Dtrousers-users&type_of_search=3Dml=
ists&group_id=3D126012&words=3Dwindows

Regards,
Thomas Winkler
IAIK, TU Graz, Austria



------------------------------


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to  make your job eas=
ier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D1=
21642


------------------------------

_______________________________________________
Trustedjava-support mailing list
Tru...@li...
https://lists.sourceforge.net/lists/listinfo/trustedjava-support


End of Trustedjava-support Digest, Vol 2, Issue 2
*************************************************

Re: [Trustedjava-support] Error creating PECertificate

[Fischer, A. <ann...@hp...>]

I do set the section pointer before creating the certificate. I also
created an EKCertificate successfully, only the PECertificate fails. I
think it must be something else.

Cheers,
Anna

-----Original Message-----
From: Martin Pirker [mailto:Mar...@ia...]=20
Sent: Montag, 17. Juli 2006 12:05
To: tru...@li...
Cc: Fischer, Anna
Subject: Re: [Trustedjava-support] Error creating PECertificate

Hi Anna...

Fischer, Anna wrote:
> I get an error when creating a PECertificate. It seems as if I've
missed
> an attribute in my property file, but I don't really know what the
> problem is. I get a NumberFormatException because something is NULL,
but
> I can't see what exactly is missing. Can you check that for me? It
must
> be in Properties.java:190, but please see the attached error log.

Set the current section pointer to the properties of the certificate
you want to create:

properties.setSectionPointer("PE")
PECertificate.create(properties, ....)


PECertificate.create(...) internally never actually specifies a
section when reading properties  but always takes the current section.


I'm sorry, I guess that precondition was forgotten in the Javadocs :-/

Martin

Re: [Trustedjava-support] Error creating PECertificate

[Martin P. <Mar...@ia...>]

Hi Anna...

Fischer, Anna wrote:
> I get an error when creating a PECertificate. It seems as if I've missed
> an attribute in my property file, but I don't really know what the
> problem is. I get a NumberFormatException because something is NULL, but
> I can't see what exactly is missing. Can you check that for me? It must
> be in Properties.java:190, but please see the attached error log.

Set the current section pointer to the properties of the certificate
you want to create:

properties.setSectionPointer("PE")
PECertificate.create(properties, ....)


PECertificate.create(...) internally never actually specifies a
section when reading properties  but always takes the current section.


I'm sorry, I guess that precondition was forgotten in the Javadocs :-/

Martin

[Trustedjava-support] Error creating PECertificate

[Fischer, A. <ann...@hp...>]

I get an error when creating a PECertificate. It seems as if I've missed
an attribute in my property file, but I don't really know what the
problem is. I get a NumberFormatException because something is NULL, but
I can't see what exactly is missing. Can you check that for me? It must
be in Properties.java:190, but please see the attached error log.

The property file is the same that is shipped as sample file in the
jTSS.

Cheers,
Anna

[Trustedjava-support] IAIK/OpenTC Java TSS Wrapper 0.2.2 released

[Thomas W. <tho...@ia...>]

Dear Mailinglist Members,

The trusted computing team of IAIK hereby announces the immediate
availability of the IAIK/OpenTC Java TSS Wrapper 0.2.2.

The Java TSS Wrapper provides an object oriented Java API for
interaction with the TCG Software Stack (TSS) for Java applications.
Version 0.2.2 is a maintenance release. Compared to version 0.2.1 the
following changes have been integrated (for more information please
refer to the changelog provided in the download package):

- synchronization with IAIK/OpenTC TCcert library 0.2
	Updated the AIK creation cycle to work with the new IAIK/OpenTC TCcert 
library 0.2. Both, the JUnit AIK creation testcase and the standalone 
create_aik.sh script are now working with the new TCcert library.

- bugfix in seal/unseal JUnit test
	The sealed data was bound to the wrong PCR value.

- additional user persistent storage unit test
	A new JUnit test was added to test the new persistent user storage of 
TrouSerS 0.2.7cvs.

- TrouSerS (0.2.7cvs) credential support in CollateIdentityRequest
	TrouSerS 0.2.7cvs (to be released as 0.2.7) now supports reading of the 
credentials (ek, platform, conformance) required for the
CollateIdentityRequest from the harddisk (to be configured in
tcsd.conf). In previous versions, the credential fields in the
identityProof structure	were left blank by TrouSerS. If the credential
fields are empty, the jTSS AIK creation cycle injects them into the
decrypted structure at the PrivacyCA side. If the fields are not empty
(as it is now possible with TrouSerS 0.2.7cvs), the credentials are not
injected. The updated jTSS AIK cycle can handle both cases (empty
credential fields vs. credential fields filled by the TSS).

- tested with TrouSerS 0.2.6 and 0.2.7cvs on TPM Emulator 0.4 and IFX
TPM 1.1b
	This version was tested with the TrouSerS 0.2.6 and 0.2.7cvs
TSS. The TrouSerS 0.2.7cvs version is expected to be released as
TrouSerS 0.2.7 soon. Tests were done on TPM Emulator version 0.4 and IFX
1.1b hardware TPMs. Tests for IFX 1.2 TPMs have been done using the
patched TrouSerS 0.2.6 from http://trustedjava.sf.net.

Documentation and source code are available at the Sourceforge website 
at: http://trustedjava.sourceforge.net Comments, questions and feature 
requests are always welcome.


[NOTE: Due to Sourceforge downtime the main page is out of date and
will sync later. The files itself are already available for download.]

Regards,
Thomas Winkler
IAIK, TU Graz

Re: [Trustedjava-support] jTssWraper under Windows OS

[Thomas W. <tho...@ia...>]

Hello,

> I would like to know if I can use jTssWrapper under Windows OS and how 
> to do that if it is possible.

Yes, in theory this is possible. All you would have to do is to download 
the pre-built version and recompile the libtspiwrapper shared library to 
link against the TSPI library of your Windows TSS. This might require 
some tweaking of the Makefile since it is tailored for Linux/Unix 
environments but this should be doable.

The most challenging part might be to find a TSS for Windows. Ideally 
your TPM vendor shipped such a stack together with your platform. 
Alternatively, you could consider trying to port the open source 
TrouSerS TSS (http://trousers.sf.net) to Windows. Aside from getting the 
build system to work under Windows (I probably would try cygwin for 
that) you would have to adopt the source code such that TrouSerS makes 
use of the TDDL that was shipped together with your TPM.
There also have been some discussions on that issue on the TrouSerS 
mailing list: 
http://sourceforge.net/search/?ml_name=trousers-users&type_of_search=mlists&group_id=126012&words=windows

Regards,
Thomas Winkler
IAIK, TU Graz, Austria

[Trustedjava-support] jTssWraper under Windows OS

[marbouh m. <med...@ya...>]

Hi,
I would like to know if I can use jTssWrapper under Windows OS and how to do that if it is possible.

Thank you in advance


Mom

Re: [Trustedjava-support] AIK creation fails

[Thomas W. <tho...@ia...>]

Hi Anna,

> [...]
> When using the AIK creation methods in the example test I have problems
> to decrypt the IdentityReqBlob. During the method I get the following
> error:
> 
> [...]
> 
> Do you have any idea why the decryption here fails? The decryption of
> the symmetric key seems to work.

Your problem seems to be that you do not have installed the "Unlimited 
Strength Jurisdiction Policy Files" for the Java Crypto Extension (JCE). 
Without those files, you can not use all the algorithms and the length 
of your keys might be limited.
Please download the files form 
http://java.sun.com/j2se/1.5.0/download.jsp (at the bottom of the page) 
and install them in the jre/lib/security folder of your Java 
installation. With these files, the AIK creation should work.

The readme.txt shipped with the jTSS Wrapper and the jTSS website also 
mention that Java 1.5 with the "Unlimited Strength Jurisdiction Policy 
Files" is required for AIK creation (section 2.3.1, item 3).

Regards,
Thomas Winkler
IAIK, TU Graz, Austria

[Trustedjava-support] AIK creation fails

[Fischer, A. <ann...@hp...>]

Hi,

I'm trying to use the AIK capabilities of the Trusted Java Stack, but
I've got some problems and I hope you can help me with that.

When using the AIK creation methods in the example test I have problems
to decrypt the IdentityReqBlob. During the method I get the following
error:

java.security.InvalidKeyException: Illegal key size or default
parameters
        at (24464082) javax.crypto.Cipher.a(DashoA12275)
        at (24464082) javax.crypto.Cipher.a(DashoA12275)
        at (24464082) javax.crypto.Cipher.a(DashoA12275)
        at (24464082) javax.crypto.Cipher.init(DashoA12275)
        at (24464082) javax.crypto.Cipher.init(DashoA12275)

I'm using the method of the junit test package (I printed it below). The
error appears during the execution of the=20

aesDec.init(Cipher.DECRYPT_MODE, skeySpec);

command.

Do you have any idea why the decryption here fails? The decryption of
the symmetric key seems to work. I'm using the complete AIK creation
process that is available in the junit test package. I create the public
CA key in the same way and the TPM_MakeIdentity command is also
successful on the TPM. The TPM doesn't give me error messages, so the
keys should be alright.

Thanks for your help,
Anna


My decryption method:

public TcTcpaIdentityProof caDecryptIdentityReqBlob(
			TcBlobData collateIdentityReqBlob) throws
TcException {
				// step 1: decode the collate identity
request blob
		TcTcpaIdentityReq collateIdentityReq =3D new
TcTcpaIdentityReq(
				collateIdentityReqBlob);

		TcBlobData symBlobDecrypted =3D null;
		try {

			// step 2: decrypt the symmetric key (encrypted
by the client with
			// the public CA key)

			//Cipher rsaDec =3D
Cipher.getInstance("RSA/ECB/PKCS1Padding");
			 Cipher rsaDec =3D
=09
Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
		=09
			rsaDec.init(Cipher.DECRYPT_MODE,
caKeyPair_.getPrivate());
			TcTcpaSymmetricKey symmetricKey =3D new
TcTcpaSymmetricKey(=20
=09
TcTssStructFactory.newBlobData().initByteArray(
=09
rsaDec.doFinal(collateIdentityReq.getAsymBlob()
=09
.asByteArray())));
		=09
			// step 3: decrypt the symmetrically encrypted
data
			Cipher aesDec =3D
Cipher.getInstance("AES/ECB/PKCS5Padding");
			SecretKeySpec skeySpec =3D new
SecretKeySpec(symmetricKey.getData()
					.asByteArray(), "AES");
		=09
		=09
			aesDec.init(Cipher.DECRYPT_MODE, skeySpec);
		=09
			symBlobDecrypted =3D
TcTssStructFactory.newBlobData().initByteArray(
					//=20
=09
aesDec.doFinal(collateIdentityReq.getSymBlob()
=09
.asByteArray()));

			} catch (GeneralSecurityException e) {
			Log.err(this,e);
			return null;
		}

				// the decrypted data is of type
TCPA_IDENTITY_PROOF
		TcTcpaIdentityProof identityProof =3D new
TcTcpaIdentityProof(
				symBlobDecrypted);
	=09
		return identityProof;
	}

Re: [Trustedjava-support] Printing key blob of AIK, TPM Emulator and external key pair

[Thomas W. <tho...@ia...>]

Hello,

> My first question is: why doesn't it work on the software TPM Emulator?

There are several reasons for that:

- Version 0.3 of TPM Emulator now implements the TPM_MakeIdentity 
command  but expects TPM_KEY12 idKeyParams instead of TPM_KEY 
idKeyParams (see tpm/tpm_identity.c, line 163). At the same time, the 
execute_TPM_MakeIdentity function in tpm_cmd_handler.c assumes that the 
idKeyParams are of type TPM_KEY. To sum up, TPM Emulator seems to be 
inconsistent regarding what data it expects to receive from upper layers 
(1.1 vs 1.2 structures). In addition to that, the TrouSerS TSS is 
currently only 1.1 compatible and therefore will not send TPM_KEY12 structs.

- To activate the identity, the TPM_ActivateIdentity in the emulator is 
required which currently is not implemented (see tpm/tpm_identity.c, 
line 339).

To sum up: Currently the TPM Emulator does not provide the required 
functionality to do a full AIK creation cycle.

> So my second question is: is this even possible?  That is to print out the blob of the AIK key pair.

As said above, the TPM Emulator is not complete regarding AIK creation. 
The error you see, most likely is related to that.

Aside from the TPM Emulator problems, printing the AIK is possible. With 
the provided toString() method however, all you will get is the 
keyHandle of the key. The actual key blobs of a key can be extracted 
using the getAttribData method.

> Third question: is it possible to load a TPM key created outside of TPM into the TPM?

It is possible to load an external key into the TPM.
For example, code please have a look at the TestKeys.testWrapKey() 
shipped with the jTSS Wrapper.

Regards,
Thomas Winkler
IAIK, TU Graz