From: Till B. <ti...@on...> - 2007-07-16 09:41:26
Hello,

I am using jTss with the wrapper for TrouSerS on with an STM TPM. I want to create an AIK for a remote attestation procedure. I set up the TPM using TrouSerS and tpm_takeownership. During that process I had to set the owner password as well as the SRK password. In my Java application I try to load the SRK and it seems to work. After I created an empty AIK I try to issue a collateIdentityRequest and encounter the following error:

----
iaik.tc.tss.api.exceptions.tcs.TcTpmException:

TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x01
error code (full): 0x01
error message: Authentication failed

at iaik.tc.tss.impl.jni.tsp.TcBaseObject.handleRetCode(TcBaseObject.java:104)
at iaik.tc.tss.impl.jni.tsp.TcTpm.collateIdentityRequest(TcTpm.java:1071)
at tc.Client.collateIdentityRequest(Client.java:176)
at test.trustedJava.TestQuote.main(TestQuote.java:22)
----

I looked in the sources and it seems to be a "TcTssErrors.TSS_LAYER_TPM" error.

Any help is appreciated. Thanks a lot
--
Best regards
Till

**********************************************
The user is an intolerable
source of insecurity
**********************************************
From: Till B. <ti...@on...> - 2007-07-16 10:10:36
I think I found the error. It was the encoding of the used passwords. I guess if the password is set via tpm_takeownership the encoding is ASCII whereas jTSS expects UTF-16LE.

On 7/16/07, Till Bentz <ti...@on...> wrote:
>
> Hello,
>
> I am using jTss with the wrapper for TrouSerS on with an STM TPM. I want
> to create an AIK for a remote attestation procedure. I set up the TPM using
> TrouSerS and tpm_takeownership. During that process I had to set the owner
> password as well as the SRK password. In my Java application I try to load
> the SRK and it seems to work. After I created an empty AIK I try to issue a
> collateIdentityRequest and encounter the following error:
>
> ----
> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>
> TSS Error:
> error layer: 0x00 (TPM)
> error code (without layer): 0x01
> error code (full): 0x01
> error message: Authentication failed
>
> at iaik.tc.tss.impl.jni.tsp.TcBaseObject.handleRetCode(TcBaseObject.java:104)
> at iaik.tc.tss.impl.jni.tsp.TcTpm.collateIdentityRequest(TcTpm.java:1071)
> at tc.Client.collateIdentityRequest(Client.java:176)
> at test.trustedJava.TestQuote.main(TestQuote.java:22)
> ----
>
> I looked in the sources and it seems to be a "TcTssErrors.TSS_LAYER_TPM"
> error.
>
> Any help is appreciated. Thanks a lot
> --
> Best regards
> Till
>
> **********************************************
> The user is an intolerable
> source of insecurity
> **********************************************

--
Best regards
Till

**********************************************
The user is an intolerable
source of insecurity
**********************************************
From: Martin P. <Mar...@ia...> - 2007-07-16 10:44:18
Till Bentz wrote:
> I think I found the error. It was the encoding of the used passwords. I
> guess if the password is set via tpm_takeownership the encoding is ASCII
> whereas jTSS expects UTF-16LE.

jTSS takes whatever the client passes in.
See JTpmTools optional parameters:

-e encoding ... encoding for password strings (legal values: ASCII, UTF-16, UTF-16BE, UTF-16LE) (default: UTF-16LE)
-n ... append null termination to password strings

There is/was confusion about encoding of passwords in the 1.1 vs 1.2 spec vs. "reality" of various Windows stack vendors. In order to offer the user the choice, JTpmTools supports the above flags to allow maximum compatibility (see the source code for how to handle the cases).

I hope this is also your "Authentication" issue in your mail of 2007-07-04 18:44.

HTH
--
Martin Pirker
IAIK, TU Graz
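
Added example, not part of the thread and not jTSS or JTpmTools code: it shows why the same password entered on both sides can still produce "Authentication failed" when the encoding or null termination differs. It assumes the TSS derives the 20-byte authorization value by hashing the password bytes with SHA-1 and that -n appends the NUL before encoding; the class name and the sample password are constructed.

```java
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (not jTSS or JTpmTools code). Assumption: the authorization
// value is SHA-1 over the encoded password bytes.
public class AuthEncodingDemo {

    // Java charset names for the four -e values quoted in the thread.
    // Note: Java's "UTF-16" encoder prepends a big-endian BOM (FE FF).
    static final String[] ENCODINGS = {"US-ASCII", "UTF-16", "UTF-16BE", "UTF-16LE"};

    // Password bytes in the given charset; the NUL is appended before encoding,
    // so it is one byte in ASCII and two in UTF-16 (assumed meaning of -n).
    static byte[] secretBytes(String password, String charset, boolean nullTerminate) {
        String s = nullTerminate ? password + "\0" : password;
        return s.getBytes(Charset.forName(charset));
    }

    static String sha1Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(data)) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Digest for each of the eight (encoding, null termination) variants.
    static Map<String, String> candidates(String password) throws Exception {
        Map<String, String> out = new LinkedHashMap<>();
        for (String enc : ENCODINGS) {
            for (boolean nul : new boolean[] {false, true}) {
                String label = enc + (nul ? " + NUL" : "");
                out.put(label, sha1Hex(secretBytes(password, enc, nul)));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String password = "owner-pass"; // constructed sample value
        Map<String, String> all = candidates(password);
        all.forEach((variant, digest) -> System.out.printf("%-16s %s%n", variant, digest));
        // Variants with different digests cannot authenticate against each other.
        System.out.println("distinct digests: " + new HashSet<>(all.values()).size());
    }
}
```

The tool that set the owner and SRK secrets and the application that later uses them must agree on one of these variants.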
From: Saurabh A. <tan...@gm...> - 2007-07-16 10:46:49
Hi

On 7/16/07, Till Bentz <ti...@on...> wrote:
> Hello,
>
> I am using jTss with the wrapper for TrouSerS on with an STM TPM. I want to
> create an AIK for a remote attestation procedure. I set up the TPM using
> TrouSerS and tpm_takeownership. During that process I had to set the owner
> password as well as the SRK password.

It is always good to cross-check your previous step by using "tpm_changeownerauth -s".

> In my Java application I try to load
> the SRK and it seems to work. After I created an empty AIK I try to issue a
> collateIdentityRequest and encounter the following error:
>
> ----
> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>
> TSS Error:
> error layer: 0x00 (TPM)
> error code (without layer): 0x01
> error code (full): 0x01
> error message: Authentication failed
>
> at iaik.tc.tss.impl.jni.tsp.TcBaseObject.handleRetCode(TcBaseObject.java:104)
> at iaik.tc.tss.impl.jni.tsp.TcTpm.collateIdentityRequest(TcTpm.java:1071)
> at tc.Client.collateIdentityRequest(Client.java:176)
> at test.trustedJava.TestQuote.main(TestQuote.java:22)
> ----
>

Seems to be an incorrect input (null, encoding) of SRK/owner secret. Can you post the code where you feed the SRK, owner secret?

best
Tanish