From: Jeppsen, I. B <JEP...@ba...> - 2012-07-09 21:02:55
Hi,

I've been trying to get jtss to work on a Windows 7 box and have gotten the "run_tests_simple.cmd" to work but can't seem to get the "run_tests.cmd" to work. The error says that TakeOwnership command fails (even though I've provided the owner password via the command line). Any thoughts on getting the tests to work would be appreciated.

Thanks,
IB

Isaac Ben Jeppsen

Here is the output from the command prompt (run as administrator):

----------------------------------
IAIK jTSS - - - - - - - - - - Test Suite
(c) Copyright 2006-9, IAIK, Graz University of Technology
----------------------------------
16:29:37:227 [DEBUG] TestMain::allTests (54): testsuite starting up
.16:29:38:444 [INFO] TestContext::testContextCreation (37): TPM version : Version: 1.2.3.17
16:29:38:450 [INFO] TestContext::testContextCreation (47): TCS version : Version: 1.2.0.7
16:29:38:451 [INFO] TestContext::testContextCreation (50): TSP version : Version: 1.2.0.7
.16:29:38:572 [INFO] TestTakeOwnership::testTakeOwnership (36): TPM ownership command is disabled
.16:29:38:753 [INFO] TestTpm::testGetEndorsementKeyNoOwnerSelfValidate (133): Reading public EK without owner authorization is disabled.
.16:29:38:936 [INFO] TestTpm::testReadCurrentCounter (241): There is no counter active
..16:29:39:359 [INFO] TestTpm::testGetEndorsementKeyNoOwner (93): Reading public EK without owner authorization is disabled.
.............Terminate batch job (Y/N)? y

From: Michael G. <m.g...@tu...> - 2012-07-09 14:56:07
On 05/14/2012 07:31 PM, Michael StJohns wrote:
> Hi --

Hi Michael,

> For some reason, TcTpmConstants.TPM_NV_INDEX_TRIAL has the "D" bit
> set. This is probably a bug.

I agree that this is not the best value for this constant. It will be changed to 0x0000f004 in a future release. Anyhow please note that it's a valid index according to the specification.

> I used the constant in TcINvRam.defineSpace (in TcTpmNvData) to see if I
> had space to create a 100 octet space. What I ended up with was a
> permanent 100 octet space that I can't get rid of.

What exactly do you mean by 'can't get rid of'? According to the TPM specification this should not happen. When you try to define an index with the D-bit set, a shipped TPM should return TPM_BADINDEX. Which TPM do you use? Is the TPM's nvLocked bit set to true? If it is not, then D-bit indices can be defined, but also deleted.

Can you please provide the output of the following commands?

jtt tpm_version
jtt tpm_flags
jtt nv_decode --index 0x1000f004

> When I use the correct value - 0xF004 - as the index, I get the
> anticipated behavior. A "success" results in a return with no creation.

That's what I would have expected ;)

> I'd review all of the TPM_NV_INDEX_* values and make sure you're using
> the correct values.

Both versions with and without D-bit set are correct. For compatibility reasons the other constants will remain unchanged.

> Mike

HTH,
Michael

From: Ronald T. <ron...@ia...> - 2012-07-06 09:07:47
Hi Jon,

Both persistent storage implementations are very simple. They just store the keys in the file system location provided. Also the "database" class just dumps DB tables there.

If you need a proper database providing (serious) concurrent services to different hosts you'll need to implement the iaik.tc.tss.impl.ps.TcITssPersistentStorage interface yourself.

In case you just want to store TPM keys remotely, you could of course just mount a remote location in the local file system and use the iaik.tc.tss.impl.ps.TcTssPsFileSystem implementation with all its shortcomings.

Caveats are to have separate folders with the correct access rights for the jTSS process(es) and that a SRK is expected to be in the system DB. SRK extraction and storage is a convenient side effect of taking ownership with jTT.

Hope this helps,
Ronald

On 07/05/2012 09:44 PM, Jonathan McCune wrote:
> Howdy,
>
> It's unclear to me from the documentation whether setting jTSS to use
> the database (i.e., line
> 'type=iaik.tc.tss.impl.ps.TcTssSystemPsDatabase' in
> /usr/share/jtss/lib/ini/jtss_tcs.ini) flavor of persistent storage
> also enables one to use an outside database. I would like to use a
> stand-alone database server if possible to facilitate testing multiple
> hosts that all boot identical read-only filesystem images.
>
> Thanks,
> -Jon

--
Dipl.-Ing. Ronald Tögl           phone +43 316/873-5502
Secure and Correct Systems       fax   +43 316/873-5520
IAIK                             ron...@ia...
Graz University of Technology    http://www.iaik.tugraz.at

From: Jonathan M. <jon...@cm...> - 2012-07-05 19:44:51
Howdy,

It's unclear to me from the documentation whether setting jTSS to use the database (i.e., line 'type=iaik.tc.tss.impl.ps.TcTssSystemPsDatabase' in /usr/share/jtss/lib/ini/jtss_tcs.ini) flavor of persistent storage also enables one to use an outside database. I would like to use a stand-alone database server if possible to facilitate testing multiple hosts that all boot identical read-only filesystem images.

Thanks,
-Jon

From: Ronald T. <ron...@ia...> - 2012-07-04 10:08:56
Hello,

We should probably take this discussion to the trustedJava mailing list.

Anyway, apparently you seem to have issues with the jTSS component that is needed between TPM (emulator) and the JSR321 RI. You'll need to be more specific on what you actually did before we can help you. Have you followed the installation guide at http://java.net/projects/jsr321/pages/GettingStartedGuide ?

Best regards,
Ronald

On 07/04/2012 12:00 PM, tpm...@li... wrote:
> Message: 1
> Date: Wed, 4 Jul 2012 11:53:08 +0530
> From: shreya sharma <shr...@gm...>
> To: tpm...@li...
> Subject: [tpm-emulator-user] connection of jsr321 with tpm emulator is
>     getting failed
>
> I have installed TPM Emulator on Ubuntu 12.04. The installation was
> successful. I have a file /dev/tpm made. However when I try to connect
> using JSR 321 following error message comes:
>
> 15:22:52:547 [ERROR] TcTcsBindingSoap::connect (116): There seems no TCS running
> 15:22:52:560 [ERROR] TcTcsBindingSoap::connect (116): There seems no TCS running
> iaik.tc.tss.api.exceptions.tsp.TcTspException:
>
> TSS Error:
> error layer: 0x3000 (TSP)
> error code (without layer): 0x0103
> error code (full): 0x3103
> error message: Core Service connection failed.
>
> at iaik.tc.tss.impl.java.tsp.tcsbinding.soapservice.TcTcsBindingSoap.connect(TcTcsBindingSoap.java:117)
> at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextConnect_Internal(TcTspInternal.java:368)
> at iaik.tc.tss.impl.java.tsp.TcContext.connect(TcContext.java:174)
> at iaik.tc.apps.jtt.tpm.TpmFlags.execute(TpmFlags.java:36)
> at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
> at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
> at iaik.tc.apps.JTpmTools.main(JTpmTools.java:224)
>
> Kindly let me know how to resolve this issue.

--
Dipl.-Ing. Ronald Tögl           phone +43 316/873-5502
Secure and Correct Systems       fax   +43 316/873-5520
IAIK                             ron...@ia...
Graz University of Technology    http://www.iaik.tugraz.at

From: Ronald T. <ron...@ia...> - 2012-06-20 06:53:10
Hello David,

Please be a bit more specific. Where do you want to "pull" what to? And how was it pushed there anyway? ;)

Your code looks fine at a first glimpse. Is the code working? Then you've already achieved a lot...

Ronald

On 20.06.2012 02:40, dna...@de... wrote:
> After successfully running the activateIdentity command, how do I pull
> the activated AIK from the TPM for signing the quote? I could not find
> any sample code that demonstrates this.
>
> At the moment, I am registering the AIK PubKey to the TPM using a UUID
> during the collateIdentityRequest command. I then pull it at a later
> point in time when I wish to sign the quote. I don't think the current
> way I am doing this is the correct way. Any insight or direction would
> be greatly appreciated.
>
> TcITpm tpm = context_.getTpmObject();
> TestDefines.tpmPolicy.assignToObject(tpm);
> UUID uuid = UUID.fromString("2426c67e-9a0f-4588-bde5-fde2c23b0be9");
> TcTssUuid keyUUID =
>     TcUuidFactory.getInstance().convertUuidJavaToTss(uuid);
> TcIRsaKey aikKey =
>     context_.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM, keyUUID);
>
> setAIKKeyPolicies(aikKey);
> aikKey.loadKey(srk_);
> ..... etc
>
> Object[] tpmOutData = tpm.quote2(aikKey, false, pcrComp, null);
>
> ..... etc
>
> Thanks,
> David

From: <dna...@de...> - 2012-06-20 00:40:30
After successfully running the activateIdentity command, how do I pull the activated AIK from the TPM for signing the quote? I could not find any sample code that demonstrates this.

At the moment, I am registering the AIK PubKey to the TPM using a UUID during the collateIdentityRequest command. I then pull it at a later point in time when I wish to sign the quote. I don't think the current way I am doing this is the correct way. Any insight or direction would be greatly appreciated.

TcITpm tpm = context_.getTpmObject();
TestDefines.tpmPolicy.assignToObject(tpm);
UUID uuid = UUID.fromString("2426c67e-9a0f-4588-bde5-fde2c23b0be9");
TcTssUuid keyUUID = TcUuidFactory.getInstance().convertUuidJavaToTss(uuid);
TcIRsaKey aikKey = context_.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM, keyUUID);

setAIKKeyPolicies(aikKey);
aikKey.loadKey(srk_);
..... etc

Object[] tpmOutData = tpm.quote2(aikKey, false, pcrComp, null);

..... etc

Thanks,
David

From: Martin P. <Mar...@ia...> - 2012-06-06 14:10:38
On 2012-06-04 19:13, dna...@de... wrote:
> I am having trouble with loading the same AIK key that I had created
> previously from a collateIdentityRequest command. The AIK does not
> appear to be migrateable

An AIK is never migrateable. collateIdentity calls the MakeIdentity low-level command of the TPM. See TPM specs part3, section 15.1 TPM_MakeIdentity, action 5:

"Verify that idKeyParams -> keyFlags -> migratable is FALSE. If it is not, return TPM_INVALID_KEYUSAGE"

The TPM refuses to create migrateable AIKs.

> and I cannot figure out how to load it using the JTSS API.

Once created, an AIK key blob is just like any other TPM key blob.

HTH,
Martin

From: <dna...@de...> - 2012-06-04 17:14:07
I am having trouble with loading the same AIK key that I had created previously from a collateIdentityRequest command. The AIK does not appear to be migrateable and I cannot figure out how to load it using the JTSS API. I have outlined some of the test code I found in the JTSS to show you how I am creating my aikKey. When I run the activateIdentity command at another point in time, I need some way of loading the same AIK key that I created in the collateIdentityReq. Any insight or help would be greatly appreciated.

public TcBlobData clientCollateIdentityReq(PublicKey caPublicKey) throws TcTssException, IOException
{
    // get TPM object and set its policy
    TcITpm tpm = context_.getTpmObject();
    TestDefines.tpmPolicy.assignToObject(tpm);

    // create identity key template
    aikKey_ = context_.createRsaKeyObject(TcTssConstants.TSS_KEY_TYPE_IDENTITY
            | TcTssConstants.TSS_KEY_SIZE_2048 | TcTssConstants.TSS_KEY_AUTHORIZATION
            | TcTssConstants.TSS_KEY_VOLATILE | TcTssConstants.TSS_KEY_MIGRATABLE/*TSS_KEY_NOT_MIGRATABLE*/);
    // TcITpmKey idKeyParams = ((TcRsaKey) aikKey_).getInternalTpmKey();

    // set usage secret for identity key
    TcIPolicy aikUsgPol = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
    aikUsgPol.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, TcBlobData.newString("aikSecret"));
    aikUsgPol.assignToObject(aikKey_);

    TcIPolicy aikMigPol = context_.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
    aikMigPol.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, TcBlobData.newString("none"));
    aikMigPol.assignToObject(aikKey_);

    // get the public key of the selected privacy CA (how to obtain this key is beyond the scope of
    // this test case)
    TcIRsaKey pubKeyPrivacyCa = getPrivacyCaPubKey(caPublicKey);

    // do the CollateIdentityReq call
    TcBlobData collIdReqBlob = tpm.collateIdentityRequest(srk_, pubKeyPrivacyCa,
            clientGetIdLabel(), aikKey_, SYM_ALGO_TSS);

    return collIdReqBlob;
}

public void activateIdentity(String caResponse) throws TcTssException{
    //TODO we need to load the original AIK from the TPM's NV ram
    this.aikKey_ = null;
    aikKey_.loadKey(srk_);

    // STEP 5 (Client): The encrypted sym and asym blobs are received by the client. The new
    // identity is activated by the client.
    byte[] caResponseRaw = Base64.decode(caResponse.getBytes());
    byte[] asymSize = new byte[4];
    System.arraycopy(caResponseRaw, 0, asymSize, 0, 4);
    int symLength = ByteArrayUtil.byteArrayToInt(asymSize);
    byte[] symCaContentsRaw = new byte[symLength];
    System.arraycopy(caResponseRaw, 4, symCaContentsRaw, 0, symLength);
    int asymLength = (caResponseRaw.length - 4 - symLength);
    byte[] asymCaContentsRaw = new byte[asymLength];
    System.arraycopy(caResponseRaw, (4 + symLength), asymCaContentsRaw, 0, asymLength);

    TcBlobData symCaAttestationEncrypted = TcBlobData.newByteArray(symCaContentsRaw);
    TcBlobData asymCaContentsEncrypted = TcBlobData.newByteArray(asymCaContentsRaw);

    try {
        TcBlobData aikCredential = clientActivateIdentity(symCaAttestationEncrypted,
                asymCaContentsEncrypted);
        // if (aikCredential.equals(caMock.getExpectedAikCredential_())) {
        //     Log.info("AIK credential successfully received and activated at the client");
        // } else {
        //     Log.warn("AIK credential creation failed");
        // }
    } catch (TcTssException e) {
        System.err.println(e.getMessage());
    }
}

Thanks,
David

From: Martin P. <Mar...@ia...> - 2012-06-01 10:09:59
Hi...

On 2012-05-28 19:09, dna...@de... wrote:
> Is there a way to install EK certificates to the TPM's NV ram

An EK certificate in the TPM's NV ram is located in an NV area with a well-known index. If you run jTpmTools nv_decode command you can examine the NV area in more detail. An example output on an IFX TPM may look like this:

8 indices in NV storage found
use '--index xxxxxxxx' for full details
(append '--raw' for additional raw hex dump of content)
(append '--dump-file path' to dump the content of index to a file)

Index        Size         TPUD  Description
------------------------------------------------------------------------
0x20000001    256 bytes   ..U.  tboot Verified Launch Policy
0x10000001     20 bytes   ...D  deprecated DIR command area from TPM 1.1
0x1000f000   1704 bytes   ...D  TPM Endorsement Key Certificate
0x30000001    576 bytes   ..UD  unknown index
0x50000001     34 bytes   .P.D  Intel TXT INDEX_LCP_DEF
0x20000002      8 bytes   ..U.  tboot launch error index
0x50000002     64 bytes   .P.D  Intel TXT INDEX_AUX
0x40000001     34 bytes   .P..  Intel TXT INDEX_LCP_OWN

Here you see that the EK cert is at index 0x1000f000. Please see the TPM specifications part 2, chapter 19.1 "TPM_NV_INDEX" for an explanation of the index number. You may use the other options of nv_decode to explore the NV data areas in more detail.

In theory, on a TPM without preloaded EK certificate you may just setup a correct NV area on your own and load your own certificate. In practice, we know no one who has ever tried this.

> that have been either self signed or issued by a privacy certificate
> authority?

The EK cert is the proof that there is really a hardware TPM and not some kind of TPM software emulation on a platform. You can create your own EK certificate - our tccert library should provide all the necessary X509 certificate data structures - however then you have to convince some other party that your self-created cert is of any value.

> At the moment I am having an issue with collateIdentityRequest Command
> not sending the EK public key in its Identity Proof for manufacturers
> that are not IFX. Is there a way around this problem?

In the best case a TSS can automatically use the EK cert provided on-chip as it is in a defined location - see above. However, depending on the TSS you use you may just provide the EK cert in a different way. With TrouSerS you may set in tcsd.conf the path to the EK cert file and TrouSerS then uses this one. Alternatively, you can explicitly provide the TSS with an EK cert at program runtime, in jTSS this can be achieved like

TcITpm tpm = context_.getTpmObject();
tpm.setAttribData(TcTssConstants.TSS_TSPATTRIB_TPM_CREDENTIAL,
        TcTssConstants.TSS_TPMATTRIB_EKCERT, ekcertblob);

Please see the TSS specification and our JTpmTools code examples for more details.

HTH,
Martin

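Added example, not part of the thread and not jTSS code: a decoder for the T/P/U/D flag bits of a TPM 1.2 NV index, run over the index values that appear in the nv_decode output above and in the TPM_NV_INDEX_TRIAL discussion. The bit layout follows TPM 1.2 specification part 2, section 19.1; the class, constant and method names are this example's own, and the DefineSpace expectations restate what the replies in this thread say.

```java
import java.util.Locale;

public class NvIndexFlags {
    // TPM_NV_INDEX bit layout (TPM 1.2 spec part 2, section 19.1).
    // Names are hypothetical, chosen for this example; they are not jTSS identifiers.
    static final long T_BIT    = 0x80000000L; // reserved for the TPM manufacturer
    static final long P_BIT    = 0x40000000L; // reserved for the platform manufacturer
    static final long U_BIT    = 0x20000000L; // platform user
    static final long D_BIT    = 0x10000000L; // "defined": permanently defined index
    static final long RESERVED = 0x0F000000L; // bits 27-24, must be zero
    static final long PURVIEW  = 0x00FF0000L; // bits 23-16
    static final long INDEX    = 0x0000FFFFL; // bits 15-0

    /** Renders the flags the way the "TPUD" column of nv_decode does. */
    static String tpud(long nvIndex) {
        return ((nvIndex & T_BIT) != 0 ? "T" : ".")
             + ((nvIndex & P_BIT) != 0 ? "P" : ".")
             + ((nvIndex & U_BIT) != 0 ? "U" : ".")
             + ((nvIndex & D_BIT) != 0 ? "D" : ".");
    }

    /** A 32-bit value with the reserved bits clear. */
    static boolean isWellFormed(long nvIndex) {
        return nvIndex >= 0 && nvIndex <= 0xFFFFFFFFL && (nvIndex & RESERVED) == 0;
    }

    /** What to expect from a DefineSpace call, as described in the replies in this thread. */
    static String defineSpaceExpectation(long nvIndex, boolean nvLocked) {
        if (!isWellFormed(nvIndex)) {
            return "malformed: out of range or reserved bits set";
        }
        if ((nvIndex & D_BIT) == 0) {
            return "D bit clear: no permanent-definition restriction";
        }
        return nvLocked
                ? "D bit set, nvLocked=true: a shipped TPM should return TPM_BADINDEX"
                : "D bit set, nvLocked=false: can be defined, but also deleted";
    }

    static String describe(long nvIndex) {
        return String.format(Locale.ROOT, "0x%08x  %s  purview=0x%02x  index=0x%04x",
                nvIndex, tpud(nvIndex), (nvIndex & PURVIEW) >>> 16, nvIndex & INDEX);
    }

    public static void main(String[] args) {
        // Index values taken from the thread: the nv_decode listing, then the two
        // TPM_NV_INDEX_TRIAL variants discussed (with and without the D bit).
        long[] indices = {
            0x20000001L, 0x10000001L, 0x1000f000L, 0x30000001L,
            0x50000001L, 0x20000002L, 0x50000002L, 0x40000001L,
            0x1000f004L, 0x0000f004L
        };
        for (long idx : indices) {
            System.out.println(describe(idx));
            System.out.println("    locked:   " + defineSpaceExpectation(idx, true));
            System.out.println("    unlocked: " + defineSpaceExpectation(idx, false));
        }
    }
}
```

Checking an index with a decoder like this before calling defineSpace makes the difference between 0x1000f004 and 0x0000f004 visible without touching the TPM.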
From: Ronald T. <ron...@ia...> - 2012-05-29 09:08:56
Michael,

This is a very curious bug that has never happened in my tests, especially as the library loading mechanism has worked fine for years. jTSS has been tested against various versions of the JRE/JDK and also different Windows releases. Could you be using a very new or very old JRE? Or did you do some manual installations or configurations of class- and library paths? Please specify your exact configuration.

Ronald

On 05/28/2012 05:52 AM, Michael StJohns wrote:
> In the initializer for iaik.tc.tss.impl.java.tddl.TcTddlVista you
> programmatically append a ".dll" to the end of the library name (either
> jTssTddlVista or jTssTddlVistax64 and then feed that to
> "System.loadLibrary()".
>
> The problem is that System.loadLibrary does mapping of the name you pass
> in to append the appropriate suffix based on the type of operating
> system. So "jTssTddlVista.dll" gets mapped to "jTssTddlVista.dll.dll" -
> which obviously appears nowhere in the paths.
>
> The fix is to not add the suffix manually. (Lines 51, 52, 77 and 78).
>
> I finally got the direct path to work by manually renaming a file to the
> double "dll" suffix.
>
> Mike

--
Dipl.-Ing. Ronald Tögl           phone +43 316/873-5502
Secure and Correct Systems       fax   +43 316/873-5520
IAIK                             ron...@ia...
Graz University of Technology    http://www.iaik.tugraz.at

From: <dna...@de...> - 2012-05-28 17:09:30
Hello,

Is there a way to install EK certificates to the TPM's NV ram that have been either self signed or issued by a privacy certificate authority? At the moment I am having an issue with collateIdentityRequest Command not sending the EK public key in its Identity Proof for manufacturers that are not IFX. Is there a way around this problem?

Please disregard/delete my last post as it was sent accidentally.

Regards,
David

From: <dna...@de...> - 2012-05-28 16:47:18
Please add me to your mailing list so I may post to it.

Thanks,
David

From: Michael S. <ms...@nt...> - 2012-05-28 03:52:30
In the initializer for iaik.tc.tss.impl.java.tddl.TcTddlVista you programmatically append a ".dll" to the end of the library name (either jTssTddlVista or jTssTddlVistax64 and then feed that to "System.loadLibrary()".

The problem is that System.loadLibrary does mapping of the name you pass in to append the appropriate suffix based on the type of operating system. So "jTssTddlVista.dll" gets mapped to "jTssTddlVista.dll.dll" - which obviously appears nowhere in the paths.

The fix is to not add the suffix manually. (Lines 51, 52, 77 and 78).

I finally got the direct path to work by manually renaming a file to the double "dll" suffix.

Mike

From: Michael S. <ms...@nt...> - 2012-05-27 19:00:27
In "iaik.tc.tss.impl.java.tsp.tcsbinding.soapservice.TcTcsBindingSoap" and possibly other places you use an idiom of

} catch (RemoteException e) {
    ConvertRemoteExceptions.convertTcTcsException(e);
    ConvertRemoteExceptions.convertTcTddlException(e);
    ConvertRemoteExceptions.convertTcTpmException(e);
    return null;
}

to catch remote errors and turn them into local errors of an appropriate type.

For some reason, I keep finding cases that as far as I can tell are causing RemoteExceptions where the underlying cause is not TcTcsException, TcTddlException or TcTpmException and which result in the call returning a null object. That then causes an NPE the next layer up when it tries to extract the error code value.

I'd suggest replacing "return null" with something that returns

My most recent one was a simple attempt to try and retrieve TPM status bits. "tpm.getStatus (TSS_TPMSTATUS_DISABLED)"

I'm running this on a Lenovo Thinkpad T500 with an Atmel chip. I'm using SOAP because I can't seem to get the direct thing to work. Going to try that again. JDK is 1.6.0_17 for various reasons. I've tried others without much success. I'm using the pre-compiled v0.7 of jTSS.

Mike

From: Ronald T. <ron...@ia...> - 2012-05-25 14:41:10
Hi Michael,

Thank you for pointing this out. We will take a look at this issue but it might take some time..

Ronald

On 05/14/2012 07:31 PM, Michael StJohns wrote:
> Hi --
>
> For some reason, TcTpmConstants.TPM_NV_INDEX_TRIAL has the "D" bit
> set. This is probably a bug.
>
> I used the constant in TcINvRam.defineSpace (in TcTpmNvData) to see if I
> had space to create a 100 octet space. What I ended up with was a
> permanent 100 octet space that I can't get rid of.
>
> When I use the correct value - 0xF004 - as the index, I get the
> anticipated behavior. A "success" results in a return with no creation.
>
> I'd review all of the TPM_NV_INDEX_* values and make sure you're using
> the correct values.
>
> Mike

--
Dipl.-Ing. Ronald Tögl           phone +43 316/873-5502
Secure and Correct Systems       fax   +43 316/873-5520
IAIK                             ron...@ia...
Graz University of Technology    http://www.iaik.tugraz.at

From: Ronald T. <ron...@ia...> - 2012-05-25 14:40:23
Dear trustedJava users,

There is now a fresh bugfix for jTSS, version 0.7a, available for immediate download. This should work with the newest and also upcoming releases of Windows.

Enjoy,
Ronald

--
Dipl.-Ing. Ronald Tögl           phone +43 316/873-5502
Secure and Correct Systems       fax   +43 316/873-5520
IAIK                             ron...@ia...
Graz University of Technology    http://www.iaik.tugraz.at

From: Ronald T. <ron...@ia...> - 2012-05-25 09:04:15
Hello,

The current jTSS is not compatible with Windows 8 right now. It appears to be a minor thing and we are working on a patch.

Ronald

On 05/24/2012 10:58 PM, jva...@de... wrote:
> Just wondering if anyone has gotten the jTSS test files to run on
> windows 2008 server. I made sure that all of the tpm commands were not
> blocked, the tcsdaemon is running, my firewall is off and I ran the
> test in administration mode.
>
> When I run the test run_tests_simple no matter which option I pick I
> get the error:
> 15:50:24:803 [ERROR] TcTcsBindingSoap::connect (116): There seems no TCS running
> iaik.tc.tss.api.exceptions.tsp.TcTspException:
>
> TSS Error:
> error layer: 0x3000 (TSP)
> error code (without layer): 0x0103
> error code (full): 0x3103
> error message: Core Service connection failed.
>
> just wondering if anyone has gotten jTSS to run on windows server 2008
> and if they had to do any configurations
> thanks
> Joe

--
Dipl.-Ing. Ronald Tögl           phone +43 316/873-5502
Secure and Correct Systems       fax   +43 316/873-5520
IAIK                             ron...@ia...
Graz University of Technology    http://www.iaik.tugraz.at

From: <jva...@de...> - 2012-05-24 21:21:34
Just wondering if anyone has gotten the jTSS test files to run on windows 2008 server. I made sure that all of the tpm commands were not blocked, the tcsdaemon is running, my firewall is off and I ran the test in administration mode.

When I run the test run_tests_simple no matter which option I pick I get the error:

15:50:24:803 [ERROR] TcTcsBindingSoap::connect (116): There seems no TCS running
iaik.tc.tss.api.exceptions.tsp.TcTspException:

TSS Error:
error layer: 0x3000 (TSP)
error code (without layer): 0x0103
error code (full): 0x3103
error message: Core Service connection failed.

just wondering if anyone has gotten jTSS to run on windows server 2008 and if they had to do any configurations

thanks
Joe

From: Michael S. <ms...@nt...> - 2012-05-14 18:35:40
Hi --

For some reason, TcTpmConstants.TPM_NV_INDEX_TRIAL has the "D" bit set. This is probably a bug.

I used the constant in TcINvRam.defineSpace (in TcTpmNvData) to see if I had space to create a 100 octet space. What I ended up with was a permanent 100 octet space that I can't get rid of.

When I use the correct value - 0xF004 - as the index, I get the anticipated behavior. A "success" results in a return with no creation.

I'd review all of the TPM_NV_INDEX_* values and make sure you're using the correct values.

Mike

From: Martin P. <Mar...@ia...> - 2012-05-10 13:54:58
Hi...

On 2012-05-10 06:58, Jungho Song wrote:
> I implement 'PrivacyCA' by using your source(http://trustedjava.sourceforge.net/index.php?item=pca/apki).
> It works with 'Infineon TPM', but doesn't work with 'STM TPM'.
>
> How can I do for 'STM TPM'?
> can you help about this problem?

Your problem description "doesn't work" does not provide any kind of information what is not working. Please provide a more detailed description of your problem, error message, call executed etc.

Best regards,
Martin

From: Jungho S. <jh...@ca...> - 2012-05-10 05:29:01
Hi,

I'm Jungho Song, PhD candidate at KAIST (Korea Advanced Institute of Science and Technology) CS dept.

I have a question about PrivacyCA.

I implement 'PrivacyCA' by using your source (http://trustedjava.sourceforge.net/index.php?item=pca/apki). It works with 'Infineon TPM', but doesn't work with 'STM TPM'.

How can I do for 'STM TPM'? can you help about this problem?

Have a nice day!

from jhSong.

From: Ronald T. <ron...@ia...> - 2012-04-23 09:02:42
|
Hi Shakir,

The data must be stored in the appropriate TPM data structure before it is encrypted. The best will be to refer to the source code of jTT on how this is done.

Hoping to help,
Ronald

On 04/23/2012 06:58 AM, Shakir Ullah Shah wrote:
> I'm trying to bind some data using the public part of a binding key.
> I've exported the public part through:
>
>     byte blob[] = null;
>     try {
>         File f = new File(BINDKEY_FILENAME);
>         blob = new byte[(int) f.length()];
>         FileInputStream fi = new FileInputStream(f);
>         fi.read(blob);
>     } catch (Exception e) {
>         e.printStackTrace();
>     }
>
>     TcBlobData srkSecret = TcBlobData
>             .newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
>     long srkSecretMode = TcTssConstants.TSS_SECRET_MODE_SHA1;
>
>     TcIRsaKey srk = context.loadKeyByUuidFromSystem(TcUuidFactory
>             .getInstance().getUuidSRK());
>
>     TcIPolicy srkPolicy = srk.getUsagePolicyObject();
>     srkPolicy.setSecret(srkSecretMode, srkSecret);
>     srkPolicy.assignToObject(srk);
>
>     // create a TcBlobData using
>     TcBlobData keyBlob = TcBlobData.newByteArray(blob);
>
>     // load the key using this blob
>     TcIRsaKey identityKey = context.loadKeyByBlob(srk, keyBlob);
>
>     TcIRsaKey pubBindKey = identityKey;
>     TcBlobData pubBindKeyBlob = pubBindKey.getAttribData(
>             TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
>             TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY);
>
>     // write this pubBindKeyBlob to a file and send it to the challenger
>     File f = new File(BINDKEY_PUB_FILENAME);
>     byte[] pubKeyBytes = pubBindKeyBlob.asByteArray();
>     System.out.println(pubKeyBytes);
>     FileOutputStream fo = new FileOutputStream(f);
>
>     fo.write(pubKeyBytes);
>     fo.close();
>
> The encryption algorithm is the following:
>
>     public static byte[] encrypt(byte[] text, RSAPublicKey key)
>             throws Exception {
>
>         byte[] cipherText = null;
>         Cipher cipher = Cipher.getInstance("RSA");
>         cipher.init(Cipher.ENCRYPT_MODE, key);
>         cipherText = cipher.doFinal(text);
>         return cipherText;
>     }
>
>     public static void main(String[] argv) {
>         final String pubBindKeyFilename = "bac_bind_pub.key";
>         String fileforEncryption = "inputFileforEncryption";
>
>         // first get the pubBindKeyBlob from file (received from the target earlier)
>         byte pubBindKey[] = null;
>         byte bytefileEncryption[] = null;
>         byte byteDataEncrypted[] = null;
>
>         File f = new File(pubBindKeyFilename);
>         pubBindKey = new byte[(int) f.length()];
>         FileInputStream fi = new FileInputStream(f);
>         fi.read(pubBindKey);
>         TcBlobData pubBindKeyBlob = TcBlobData.newByteArray(pubBindKey);
>         TcTpmPubkey pubBindKeyStruct = new TcTpmPubkey(pubBindKeyBlob);
>         RSAPublicKey rsaPub = TcCrypto.pubTpmKeyToJava(pubBindKeyStruct);
>
>         File ftemp = new File(fileforEncryption);
>         bytefileEncryption = new byte[(int) ftemp.length()];
>         FileInputStream fitemp = new FileInputStream(ftemp);
>         fitemp.read(bytefileEncryption);
>
>         byteDataEncrypted = encrypt(bytefileEncryption, rsaPub);
>         String outFilename = "outputEncRsaFile";
>
>         File f2 = new File(outFilename);
>         FileOutputStream fo = new FileOutputStream(f2);
>         fo.write(byteDataEncrypted);
>         fo.close();
>
> I'm using jTpmTools to decrypt the data using the binding key. Here's
> the command for the decryption using jTpmTools:
>
>     unbind -i /path/to/outputEncRsaFile -o /path/to/outputdecEncRsaFile -u 00000001-0002-0003-0405-9296a5ae537a
>
> The UUID is of the same binding key that I've exported. I'm getting
> the following exception though. I'm not sure what I'm doing wrong.
>
>     00:55:30:935 [INFO] Unbind::execute (123): Using default TSS_WELL_KNOWN_SECRET as key secret
>     00:55:31:078 [INFO] TcTcsEventMgrMem::<init> (44): Using "in memory" event log.
>     iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>
>     TSS Error:
>     error layer: 0x00 (TPM)
>     error code (without layer): 0x21
>     error code (full): 0x21
>     error message: The decryption process did not complete.
>
>     at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
>     at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244)
>     at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638)
>     at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442)
>     at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766)
>     at iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:255)
>     at iaik.tc.apps.jtt.data.Unbind.execute(Unbind.java:171)
>     at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
>     at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
>     at iaik.tc.apps.JTpmTools.main(JTpmTools.java:224)
>
>     00:55:31:561 [ERROR] JTpmTools::main (235): application exits with error:
>
>     TSS Error:
>     error layer: 0x00 (TPM)
>     error code (without layer): 0x21
>     error code (full): 0x21
>     error message: The decryption process did not complete.
>
> Any help would be greatly appreciated.
>
> _______________________________________________
> Trustedjava-support mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedjava-support

--
Dipl.-Ing. Ronald Tögl            phone +43 316/873-5502
Secure and Correct Systems        fax   +43 316/873-5520
IAIK                              ron...@ia...
Graz University of Technology     http://www.iaik.tugraz.at
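The structure Ronald's reply refers to, shown as an added example that is not code from this thread, jTSS or jTpmTools: in TPM 1.2 the payload is wrapped in a TPM_BOUND_DATA structure before the RSA step. The sketch assumes the binding key uses the OAEP encryption scheme (TPM_ES_RSAESOAEP_SHA1_MGF1); the class and method names are hypothetical, and a constructed software key pair stands in for the TPM key so the round trip runs without a TPM.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class BoundDataExample { // hypothetical name, not part of jTSS
    // TPM_BOUND_DATA header: TPM_STRUCT_VER 1.1.0.0 followed by TPM_PT_BIND (0x02)
    static final byte[] HEADER = {0x01, 0x01, 0x00, 0x00, 0x02};
    // TPM 1.2 OAEP: SHA-1, MGF1 with SHA-1, encoding parameter "TCPA"
    static final OAEPParameterSpec TPM_OAEP = new OAEPParameterSpec("SHA-1", "MGF1",
            MGF1ParameterSpec.SHA1,
            new PSource.PSpecified("TCPA".getBytes(StandardCharsets.US_ASCII)));

    static byte[] bind(byte[] data, PublicKey pub) throws GeneralSecurityException {
        int modulusBytes = (((RSAKey) pub).getModulus().bitLength() + 7) / 8;
        int max = modulusBytes - 2 * 20 - 2 - HEADER.length; // OAEP overhead plus header
        if (data.length > max)
            throw new IllegalArgumentException("payload exceeds " + max + " bytes for this key");
        ByteArrayOutputStream bound = new ByteArrayOutputStream();
        bound.write(HEADER, 0, HEADER.length);
        bound.write(data, 0, data.length);
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.ENCRYPT_MODE, pub, TPM_OAEP);
        return c.doFinal(bound.toByteArray());
    }

    // Software stand-in for unbind, used here only to show the round trip
    static byte[] unbind(byte[] blob, PrivateKey priv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.DECRYPT_MODE, priv, TPM_OAEP);
        byte[] bound = c.doFinal(blob);
        if (bound.length < HEADER.length
                || !Arrays.equals(Arrays.copyOf(bound, HEADER.length), HEADER))
            throw new GeneralSecurityException("not a TPM_BOUND_DATA structure");
        return Arrays.copyOfRange(bound, HEADER.length, bound.length);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed software key, stands in for the TPM key
        byte[] msg = "constructed sample payload".getBytes(StandardCharsets.US_ASCII);
        byte[] blob = bind(msg, kp.getPublic());
        System.out.println(blob.length + " " + Arrays.equals(msg, unbind(blob, kp.getPrivate())));
    }
}
```

With a 2048-bit key the payload is limited to 209 bytes per bound blob, so a whole input file normally has to be protected with a symmetric key and only that key bound.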
From: Najeeb Ur R. <naj...@nu...> - 2012-04-23 06:55:05
|
Dear All,

I am new to this mailing list as I am working on Trusted Computing and want collaborative work with this community. Waiting for the response when I will be able to post my question on this mailing list.

--
*Mr.Najeeb-Ur Rehman*
From: Shakir U. S. <sha...@nu...> - 2012-04-23 05:51:09
|
I'm trying to bind some data using the public part of a binding key. I've exported the public part through:

    byte blob[] = null;
    try {
        File f = new File(BINDKEY_FILENAME);
        blob = new byte[(int) f.length()];
        FileInputStream fi = new FileInputStream(f);
        fi.read(blob);
    } catch (Exception e) {
        e.printStackTrace();
    }

    TcBlobData srkSecret = TcBlobData
            .newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
    long srkSecretMode = TcTssConstants.TSS_SECRET_MODE_SHA1;

    TcIRsaKey srk = context.loadKeyByUuidFromSystem(TcUuidFactory
            .getInstance().getUuidSRK());

    TcIPolicy srkPolicy = srk.getUsagePolicyObject();
    srkPolicy.setSecret(srkSecretMode, srkSecret);
    srkPolicy.assignToObject(srk);

    // create a TcBlobData using
    TcBlobData keyBlob = TcBlobData.newByteArray(blob);

    // load the key using this blob
    TcIRsaKey identityKey = context.loadKeyByBlob(srk, keyBlob);

    TcIRsaKey pubBindKey = identityKey;
    TcBlobData pubBindKeyBlob = pubBindKey.getAttribData(
            TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
            TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY);

    // write this pubBindKeyBlob to a file and send it to the challenger
    File f = new File(BINDKEY_PUB_FILENAME);
    byte[] pubKeyBytes = pubBindKeyBlob.asByteArray();
    System.out.println(pubKeyBytes);
    FileOutputStream fo = new FileOutputStream(f);

    fo.write(pubKeyBytes);
    fo.close();

The encryption algorithm is the following:

    public static byte[] encrypt(byte[] text, RSAPublicKey key)
            throws Exception {

        byte[] cipherText = null;
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        cipherText = cipher.doFinal(text);
        return cipherText;
    }

    public static void main(String[] argv) {
        final String pubBindKeyFilename = "bac_bind_pub.key";
        String fileforEncryption = "inputFileforEncryption";

        // first get the pubBindKeyBlob from file (received from the target earlier)
        byte pubBindKey[] = null;
        byte bytefileEncryption[] = null;
        byte byteDataEncrypted[] = null;

        File f = new File(pubBindKeyFilename);
        pubBindKey = new byte[(int) f.length()];
        FileInputStream fi = new FileInputStream(f);
        fi.read(pubBindKey);
        TcBlobData pubBindKeyBlob = TcBlobData.newByteArray(pubBindKey);
        TcTpmPubkey pubBindKeyStruct = new TcTpmPubkey(pubBindKeyBlob);
        RSAPublicKey rsaPub = TcCrypto.pubTpmKeyToJava(pubBindKeyStruct);

        File ftemp = new File(fileforEncryption);
        bytefileEncryption = new byte[(int) ftemp.length()];
        FileInputStream fitemp = new FileInputStream(ftemp);
        fitemp.read(bytefileEncryption);

        byteDataEncrypted = encrypt(bytefileEncryption, rsaPub);
        String outFilename = "outputEncRsaFile";

        File f2 = new File(outFilename);
        FileOutputStream fo = new FileOutputStream(f2);
        fo.write(byteDataEncrypted);
        fo.close();

I'm using jTpmTools to decrypt the data using the binding key. Here's the command for the decryption using jTpmTools:

    unbind -i /path/to/outputEncRsaFile -o /path/to/outputdecEncRsaFile -u 00000001-0002-0003-0405-9296a5ae537a

The UUID is of the same binding key that I've exported. I'm getting the following exception though. I'm not sure what I'm doing wrong.

    00:55:30:935 [INFO] Unbind::execute (123): Using default TSS_WELL_KNOWN_SECRET as key secret
    00:55:31:078 [INFO] TcTcsEventMgrMem::<init> (44): Using "in memory" event log.
    iaik.tc.tss.api.exceptions.tcs.TcTpmException:

    TSS Error:
    error layer: 0x00 (TPM)
    error code (without layer): 0x21
    error code (full): 0x21
    error message: The decryption process did not complete.

    at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
    at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244)
    at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638)
    at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442)
    at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766)
    at iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:255)
    at iaik.tc.apps.jtt.data.Unbind.execute(Unbind.java:171)
    at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
    at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
    at iaik.tc.apps.JTpmTools.main(JTpmTools.java:224)

    00:55:31:561 [ERROR] JTpmTools::main (235): application exits with error:

    TSS Error:
    error layer: 0x00 (TPM)
    error code (without layer): 0x21
    error code (full): 0x21
    error message: The decryption process did not complete.

Any help would be greatly appreciated.