trustedjava-support

[Trustedjava-support] error tpm emulator

[patrizia c. <pat...@in...>]

hi all!

i have a problem: i have done an interation between a client and a =
privacy CA using your example in the JTSS package. The only difference =
is that the client and the PCA are not in the same project, but i've =
realized the PCA as a servlet to simulate a real communication. the =
client and the Pca use the TSS stack. i have create a context in the =
client and in the pca, but when i do the context.connect() in the pca it =
gives me the follow error (i use the tpm emulator):



13:03:27:284 [WARN] TcTddlLinux::open (-1): Unable to open TPM device =
file /dev/tpm.

Reason: /dev/tpm (Device or resource busy)

13:03:27:286 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed.

13:03:27:286 [ERROR] TcTcsi::<clinit> (-1):=20

TSS Error:

error layer: 0x1000 (TDDL)

error code (without layer): 0x87

error code (full): 0x1087

error message: The request could not be performed because of an IO =
device error.

additional info: Unable to open TPM device file /dev/tpm.

Reason: /dev/tpm (Device or resource busy)



iaik.tc.tss.api.exceptions.tcs.TcTddlException:=20

TSS Error:

error layer: 0x1000 (TDDL)

error code (without layer): 0x87

error code (full): 0x1087

error message: The request could not be performed because of an IO =
device error.

additional info: Unable to open TPM device file /dev/tpm.

Reason: /dev/tpm (Device or resource busy)



at iaik.tc.tss.impl.java.tddl.TcTddlLinux.open(Unknown Source)

at iaik.tc.tss.impl.java.tddl.TcTddl.getInstance(Unknown Source)

at iaik.tc.tss.impl.java.tcs.TcTcsCommon.isOrdinalSupported(Unknown =
Source)

at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.<clinit>(Unknown Source)

at =
iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenCont=
ext(Unknown Source)

at =
iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextOpen_Internal(=
TcTspInternal.java:378)

at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)

at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)

at MiaCa.doPost(MiaCa.java:101)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at =
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicat=
ionFilterChain.java:252)

at =
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilte=
rChain.java:173)

at =
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFil=
ter.java:368)

at =
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicat=
ionFilterChain.java:202)

at =
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilte=
rChain.java:173)

at =
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve=
.java:213)

at =
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve=
.java:178)

at =
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:=
126)

at =
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:=
105)

at =
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.j=
ava:107)

at =
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:14=
8)

at =
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869=
)

at =
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proce=
ssConnection(Http11BaseProtocol.java:664)

at =
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.=
java:527)

at =
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowe=
rWorkerThread.java:80)

at =
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.=
java:684)

at java.lang.Thread.run(Thread.java:619)

13:03:30:554 [ERROR] TcTddlVista::<clinit> (-1): Unable to load native =
Vista DLL (neither from library path nor from jar file).=20



how can i do? i understand that if the client uses the tpm emulator, the =
PCA doesn't use it. Or not?

Can you suggest me any solution?

thanks patrizia cellesi

Re: [Trustedjava-support] error tpm emulator

[Martin P. <Mar...@ia...>]

Hi...

patrizia cellesi wrote:
> i have a problem: i have done an interation between a client and a privacy CA
> using your example in the JTSS package. The only difference is that the client
> and the PCA are not in the same project, but i've realized the PCA as a servlet
> to simulate a real communication. the client and the Pca use the TSS stack. i
> have create a context in the client and in the pca, but when i do the
> context.connect() in the pca it gives me the follow error (i use the tpm emulator):

> 13:03:27:284 [WARN] TcTddlLinux::open (-1): Unable to open TPM device file /dev/tpm.
> Reason: /dev/tpm (Device or resource busy)

The TPM chip (/dev/tpm) can only be accessed by one TSS at a time. The TSS design
calls for one system-wide TSS running, multiplexing application accesses.

If you want to simulate a PrivacyCA setup with both client and server on
the same machine, this is doable.
The client gets to run the TSS and access the TPM.
The server side of a PrivacyCA does not need a TPM, only some crypto helper
routines from the TSS top level.

Take a closer look at PrivacyCA.java from JTpmTools, lines 117-

  // context for crypto operations in verify
  // NOTE: IAIK jTSS context does not need to be connected to a TPM
  context_ = new TcTssLocalCallFactory().newContextObject();

A context is created to get access to some helper functions, but never connected
on the server side, thus no TPM is needed. This trick works only on jTSS.


HTH

-- 
Martin Pirker
IAIK, TU Graz