From: Saurabh A. <tan...@gm...> - 2007-05-16 07:34:50

Hi

I am trying to do a Quote operation. When I create the AIK key and use it for quote, it works for me. But when I try to load the AIK key from persistent storage, I am unable to do a successful quote operation. Following is the code I am using:

LoadAik_and_Do_Quote()
{
    /***** srk - loading policies, setting secret ******/
    TcBlobData srkSecret = TcTssStructFactory.newBlobData().initString("tanish", false, "ASCII");
    long srkSecretMode = TcTssDefines.TSS_SECRET_MODE_PLAIN;
    TcIRsaKey srk = context_.loadKeyByUuidFromSystem(TcUuidFactory.getInstance().getUuidSRK());
    TcIPolicy srkPolicy = srk.getUsagePolicy(); /* default policy */
    srkPolicy.setSecret(srkSecretMode, srkSecret);

    /***** aik - setting policies,secret ******/
    TcBlobData aikSecret = TcTssStructFactory.newBlobData().initString("password", false, "ASCII");
    long aikSecretMode = TcTssDefines.TSS_SECRET_MODE_PLAIN;
    TcIPolicy aikUsgPolicy = context_.createPolicyObject(TcTssDefines.TSS_POLICY_USAGE);

    /***** UUID to be called from storage : 1.2.3.4.5.010203040505 ******/
    TcTssUuid aikUuid = null;
    short array[] = {1,2,3,4,5,5};
    aikUuid = TcTssStructFactory.newUuid().init(1, 2, 3, (short) 4, (short) 5,array);
    TcIRsaKey aikKey_ = context_.getKeyByUuid(TcTssDefines.TSS_PS_TYPE_SYSTEM, aikUuid);
    aikUsgPolicy.assignToObject(aikKey_);
    TcIPolicy aikPolicy = aikKey_.getUsagePolicy();
    aikUsgPolicy.setSecret(aikSecretMode,aikSecret);
    aikKey_.loadKey(srk);

    /******* quote ************/
    TcIPcrComposite pcrs = context_.createPcrCompositeObject(0);
    for (int i = 0; i < pcrList.length; i++) {
        pcrs.selectPcrIndex(pcrList[i]);
    }
    TcTssValidation validation = TcTssStructFactory.newValidation();
    validation.setExternalData(nonce);
    // do the quote and return the resulting blob
    validation = tpm.quote(aikKey_, pcrs, validation); // <----- Error line
}

==================================================
I get the following error:

TSPI call error:
  error code: 0x01
  error message: TPM layer: Authentication failed
    at iaik.tss.impl.jni.TcBaseObject.handleRetCode(TcBaseObject.java:102)
    at iaik.tss.impl.jni.TcTpm.quote(TcTpm.java:482)
    at "Error line"
==================================================

I am using the correct passwords for SRK and AIK. What may be going wrong?

regards
Saurabh

From: Thomas W. <tc...@to...> - 2007-05-18 13:03:47

Hi,

Could you please specify which version of TrouSerS and jTSS Wrapper you are using?

Thanks,
--
Thomas Winkler
e-mail: tc...@to...

From: Saurabh A. <tan...@gm...> - 2007-05-18 19:38:01

On 5/18/07, Thomas Winkler <tc...@to...> wrote:
> Hi,
>
> Could you please specify which version of TrouSerS and jTSS Wrapper you are
> using?
>
> Thanks,
> --
> Thomas Winkler
> e-mail: tc...@to...
>

From: Saurabh A. <tan...@gm...> - 2007-05-18 19:38:36

hi

trousers 0.2.9
jTSS 0.2.5
jTpmtools 0.2
Tccert 0.2.1.a

regards
saurabh

On 5/19/07, Saurabh Arora <tan...@gm...> wrote:
> hi
>
> trousers 0.2.9
> jTSS 0.2.5
> jTpmtools 0.2
> Tccert 0.2.1.a
>
>
> regards
> saurabh
>
>
> On 5/18/07, Thomas Winkler <tc...@to...> wrote:
> > Hi,
> >
> > Could you please specify which version of TrouSerS and jTSS Wrapper you are
> > using?
> >
> > Thanks,
> > --
> > Thomas Winkler
> > e-mail: tc...@to...
> >
>

From: Thomas W. <tc...@to...> - 2007-05-19 19:38:24

Hi,

> trousers 0.2.9
> jTSS 0.2.5
> jTpmtools 0.2
> Tccert 0.2.1.a

Although you are not using the latest versions, this combination should be ok (jTSS Wrapper 0.3 and friends mostly introduced changes to the API but did not bring many substantial "under the hood" changes).

I have not tested your code but one thing you should double check is the policy handling. Keep in mind that by default all TSP level objects are assigned to the default policy upon creation. By accident you might have used the default policy for your objects (and reset the default policy secret at some point) instead of creating and assigning individual policy objects.

bye,
--
Thomas Winkler
e-mail: tc...@to...

From: Saurabh A. <tan...@gm...> - 2007-05-22 06:35:24

Hi Thomas

On 5/20/07, Thomas Winkler <tc...@to...> wrote:
> Hi,
>
> > trousers 0.2.9
> > jTSS 0.2.5
> > jTpmtools 0.2
> > Tccert 0.2.1.a
>
> Although you are not using the latest versions, this combination should be ok
> (jTSS Wrapper 0.3 and friends mostly introduced changes to the API but did
> not bring many substantial "under the hood" changes).
> I have not tested your code but one thing you should double check is the
> policy handling. Keep in mind that by default all TSP level objects are
> assigned to the default policy upon creation. By accident you might have used
> the default policy for your objects (and reset the default policy secret at
> some point) instead of creating and assigning individual policy objects.
>

I am using the jtpmtools createaik code for creating/registering the AIK, so I don't play with policies there; I just provide the owner, SRK and AIK secrets on the command line with ASCII encoding and no null termination. And the key loading code is in front of you, which I think has the same policies as in the createaik code.

And now?

regards
Saurabh

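
Added example, not part of the thread and not jTSS or TrouSerS code: a simplified Python model of TPM 1.2 command authorization, showing why the same password yields error 0x01 (Authentication failed) when its encoding or null termination at use time differs from what was used at key creation. It assumes TSS_SECRET_MODE_PLAIN means the TSS hashes the secret bytes with SHA-1 and that the command is authorized with an OIAP-style HMAC; the function names, the parameter digest and the scenario are constructed for illustration.

```python
import hashlib
import hmac
import os

TPM_SUCCESS, TPM_AUTHFAIL = 0x00, 0x01  # TPM 1.2 return codes

def auth_secret(password, charset, null_terminated):
    """Assumed TSS_SECRET_MODE_PLAIN behaviour: SHA-1 over the secret bytes."""
    data = password.encode(charset)
    if null_terminated:
        data += "\0".encode(charset)  # terminator is one code unit wide
    return hashlib.sha1(data).digest()

def command_hmac(secret, param_digest, nonce_even, nonce_odd, cont=b"\x00"):
    """OIAP-style authorization value: HMAC-SHA1 keyed with the auth secret."""
    return hmac.new(secret, param_digest + nonce_even + nonce_odd + cont,
                    hashlib.sha1).digest()

def tpm_check(stored_secret, caller_secret):
    """Model of the TPM side: recompute the HMAC with the key's stored secret."""
    param_digest = hashlib.sha1(b"constructed TPM_Quote parameters").digest()
    nonce_even, nonce_odd = os.urandom(20), os.urandom(20)
    sent = command_hmac(caller_secret, param_digest, nonce_even, nonce_odd)
    expected = command_hmac(stored_secret, param_digest, nonce_even, nonce_odd)
    return TPM_SUCCESS if hmac.compare_digest(sent, expected) else TPM_AUTHFAIL

def matching_variants(stored_secret, password):
    """List the (charset, null_terminated) variants the TPM would accept."""
    variants = [(c, n) for c in ("ascii", "utf-16-le") for n in (False, True)]
    return [v for v in variants
            if tpm_check(stored_secret, auth_secret(password, *v)) == TPM_SUCCESS]

if __name__ == "__main__":
    # Constructed scenario: key created with a UTF-16LE, null-terminated secret,
    # later used with the same password encoded as plain ASCII.
    stored = auth_secret("password", "utf-16-le", True)
    print(hex(tpm_check(stored, auth_secret("password", "ascii", False))))
    print(matching_variants(stored, "password"))
```

The TPM never sees the password itself, only the HMAC, so a mismatch in how the secret bytes were built is indistinguishable from a wrong password.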