Hello Tiago,
Tiago Lopes wrote:
> On 8/9/07, *Ronald Tögl* <ron...@ia... <mailto:ron...@ia...>> wrote:
>
> You will have to add the two created jars (as external jars) to your project to compile.
>
> iaik_jtss_wrapper.jar
> iaik_jtss_wrapper_swig.jar
>
>
> Ok, now I've managed to compile and run fine. I've added these two new jars plus iaik_jtss_tsp.jar to the referenced libraries, otherwise all the top TSP interfaces wouldn't be found by Eclipse (ex. TcIContext).
Sorry, I missed that one.
> I'm having some issues: the first is that if I use the ./take_ownership (included in the trousers tpm-tools package) and a null (press enter) SRK key, I have to use in my code:
>
> TcBlobData TPM_SRK_SECRET = TcBlobData.newString("");
> SRK_SECRET_MODE = TcTssConstants.TSS_SECRET_MODE_PLAIN;
>
> otherwise auth will fail!
This is not a bug, but a feature. :-)
With the TrouSerS tools, the SRK is given an authorisation secret, which is a 160-bit SHA-1 hash.
So you don't have a "null" secret for the key, but a complex 160-bit value, which just happens to have an extremely simple pre-image to type in.
With the TSS_SECRET_MODE_PLAIN setting in the Wrapper, the secret string will first be hashed and then applied to the key, thus creating the identical authorisation secret.
> The second issue is that
> "context.getRegisteredKeysByUuidSystem (null);"
> Returns exactly the same output as
> "context.getRegisteredKeysByUuidUser(null);"
>
> and I'm registering different USER and SYSTEM keys using something like this:
>
> context.registerKey (key,
> TcTssConstants.TSS_PS_TYPE_USER,
> keyUuid,
> TcTssConstants.TSS_PS_TYPE_USER,
> TcUuidFactory.getInstance().getUuidSRK());
>
> Is this the expected behavior or am I not reading the javadocs right?
This is unexpected behavior.
However, the wrapper just accesses TrouSerS for this functionality. The Java part provides the correct function call, passing the right parameters for both different cases. Apparently, TrouSerS does not implement (or is not correctly configured for) two persistent storages (user and system).
Feel free to look at the TrouSerS C source code to find out what is implemented there and what not.
Regards, Ronald
-- 
Ronald Toegl
IAIK, TU Graz
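
The point made in the reply about the empty SRK password, as an added Java example that is not part of the original message and not jTSS code: the secret is the SHA-1 digest of the typed string, so an empty password and an all-zero secret do not authorise the same key. It uses only JDK classes; the UTF-16LE encoding without terminator, the 20-zero-byte "null" secret and the session data are assumptions for illustration, and the HMAC step is a simplified stand-in for TPM 1.2 authorisation.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SrkSecretDemo {
    // PLAIN mode as described in the reply: hash the typed string with SHA-1
    // and use the 20-byte digest as the key's authorisation secret.
    // Assumption: the string is encoded without a terminator, so "" is zero bytes.
    static byte[] plainModeSecret(String typed) throws Exception {
        byte[] encoded = typed.getBytes(StandardCharsets.UTF_16LE);
        return MessageDigest.getInstance("SHA-1").digest(encoded);
    }

    // Simplified stand-in for a TPM 1.2 authorisation value: HMAC-SHA1 keyed
    // with the secret, computed over the session data (digest and nonces).
    static byte[] authValue(byte[] secret, byte[] sessionData) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        return mac.doFinal(sessionData);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Secret the SRK holds after pressing Enter at the password prompt.
        byte[] srkSecret = plainModeSecret("");
        // Hypothetical caller that treats the "null" secret as 20 zero bytes.
        byte[] zeroSecret = new byte[20];
        // Constructed placeholder for the command digest and session nonces.
        byte[] sessionData =
                "constructed-digest-and-nonces".getBytes(StandardCharsets.US_ASCII);

        byte[] expected = authValue(srkSecret, sessionData); // what the TPM side computes
        byte[] fromPlain = authValue(plainModeSecret(""), sessionData);
        byte[] fromZero = authValue(zeroSecret, sessionData);

        System.out.println("SRK secret (SHA-1 of empty input): " + hex(srkSecret));
        System.out.println("hashed empty string authorises:    "
                + MessageDigest.isEqual(expected, fromPlain));
        System.out.println("20 zero bytes authorises:          "
                + MessageDigest.isEqual(expected, fromZero));
    }
}
```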