From: Ahmed R. <ahm...@gm...> - 2009-02-26 13:32:22
Good Day All,

I am using JTss and JTPM-Tools to try the Quote and validation concept. My problem is that I am not able to load any of the keys created (the AIK in particular). My code and the error message are added below.

    TcIContext context = CommonSettings.getTssFactory().newContextObject();
    context.connect(CommonSettings.getHostname());
    TcITpm tpm = context.getTpmObject();

    // load Storage Root Key
    TcBlobData srkSecret = TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
    long srkSecretMode = TcTssConstants.TSS_SECRET_MODE_SHA1;
    TcIRsaKey srk = context.loadKeyByUuidFromSystem(TcUuidFactory.getInstance().getUuidSRK());
    TcIPolicy srkPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
    srkPolicy.setSecret(srkSecretMode, srkSecret);
    srkPolicy.assignToObject(srk);

    byte nonce[] = {0x1, 0x2, 0x3, 0x4, 0x5, 0x1, 0x2, 0x3, 0x4, 0x5,
                    0x1, 0x2, 0x3, 0x4, 0x5, 0x1, 0x2, 0x3, 0x4, 0x5};

    // create a TCBlobData using the provided nonce
    TcBlobData nonceData = TcBlobData.newByteArray(nonce);
    TcTssValidation nonceVal = new TcTssValidation();
    nonceVal.setExternalData(nonceData);

    // the tpmQuote to receive data from tpm's quote
    TcTssValidation tpmQuote = new TcTssValidation();
    context.connect(null); // connect to localhost

    // get the number of PCRs from TPM
    TcBlobData subCap = TcBlobData.newUINT32((int) TcTssConstants.TSS_TPMCAP_PROP_PCR);
    long numPCRs = tpm.getCapabilityUINT32(TcTssConstants.TSS_TPMCAP_PROPERTY, subCap);

    for (int i = 0; i < numPCRs; i++) {
        // create a pcr composite object
        TcIPcrComposite pcrComp = context.createPcrCompositeObject(0);
        pcrComp.selectPcrIndex(i);
        // set pcr value to read
        pcrComp.setPcrValue(i, tpm.pcrRead(i));

        // create the UUID of the AIK
        TcTssUuid uuid = new TcTssUuid().initString("00000001-0002-0003-0405-5fd0073c8832");
        // set the key password
        TcBlobData keySecret = TcBlobData.newString("keypass", false, "UTF-16LE");
        // the AIK
        TcIRsaKey identityKey = context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM, uuid);
        TcIPolicy keyUsgPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
        keyUsgPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE, keySecret);
        keyUsgPolicy.assignToObject(identityKey);

        // =======================================================================
        identityKey.loadKey(srk); // ERROR LOADING THE KEY
        // =======================================================================

        // now get the quote
        tpmQuote = tpm.quote(identityKey, pcrComp, nonceVal);
    }

=======================================================================
Error Message:
============
iaik.tc.tss.api.exceptions.tcs.TcTpmException:
TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x21
error code (full): 0x21
error message: The decryption process did not complete.

=++=============================================++=
Libraries
======
TPM-Emulator 0.5

TCLinux:/home/aramadan/Desktop/Java/jTpmTools_0.3c # ./jtt.sh version
JTpmTools: 0.3c 20080605 10:56:50
JTSS_TSP: 0.4 20081218 10:30:08
JTSS_JNI: 0.3.1 20071128 9:44:59
XKMS: 0.2a-20080605-153902
TCcert: 0.2.2a-20080709-114558

Any comments are welcome.

Regards,
Dan
From: Martin P. <Mar...@ia...> - 2009-03-03 09:27:49
Hi...

Ahmed Ramadan wrote:
> I am using JTss and JTPM-Tools to try the Quote and validation concept.

Look into the just released PrivacyCA 0.2 package, the PrivacyCA sources are in apki-0.2.tar.gz.

The module TspQuote implements the self-attestation function of the PCA server, the functions doQuote and verifyQuote showcase how to do a quote and verify the results afterwards.

> TCLinux:/home/aramadan/Desktop/Java/jTpmTools_0.3c # ./jtt.sh version
> JTSS_TSP: 0.4 20081218 10:30:08
> JTSS_JNI: 0.3.1 20071128 9:44:59

You appear to be using a new jTSS with old version of jTSS wrapper/TrouSerS. We just released an experimental upgrade of jTSS Wrapper which should work better with TrouSerS 0.3.1cvs.

HTH,
Martin
From: Ahmed R. <ahm...@gm...> - 2009-03-10 11:50:09
Dear Martin,

I have 2 questions.

1) Is there a way to report the integrity measurement log (IMA) into the TPM (emulator) in my case using the jTSS (or even trousers if not available through the jTSS)?

2) I have executed the Quote, the remote attestation server should verify the quote. Verifying the quote means that the server recomputes the measurement Log, however I cannot understand how the extend operation works, i.e.

file : version.txt

sha1sum version.txt
dd3fe79ca0b0d80e1b33018054239ef4628b93d1 version.txt

./jtt.sh pcr_extend -f version.txt -p 1
PCR 1: 70 b9 e1 fa 6a 69 48 27 7a 46 32 c0 11 f8 d2 f6 ec b3 ab 56

./jtt.sh pcr_extend -f version.txt -p 2
PCR 2: a1 5f 67 be ab fe 9d b6 ba cc 4e 45 0d 4f 13 07 e9 8f 98 fc

Why are the PCR hash values different from the pure hash of the file? Even if the extend uses the initial PCR values, PCR[1] and PCR[2] should be equal, as the initial value is the same (i.e. the emulator has been reset before executing these commands).

Thanks for further declaration.

Regards,
Ahmed

> Date: Tue, 3 Mar 2009 10:24:15 +0100
> From: Mar...@ia...
> To: ahm...@gm...
> CC: tru...@li...
> Subject: Re: [Trustedjava-support] Load AIK problem
>
> Hi...
>
> Ahmed Ramadan wrote:
> > I am using JTss and JTPM-Tools to try the Quote and validation concept.
>
> Look into the just released PrivacyCA 0.2 package, the PrivacyCA sources
> are in apki-0.2.tar.gz.
>
> The module TspQuote implements the self-attestation function of the PCA server,
> the functions doQuote and verifyQuote showcase how to do a quote and
> verify the results afterwards.
>
> > TCLinux:/home/aramadan/Desktop/Java/jTpmTools_0.3c # ./jtt.sh version
> > JTSS_TSP: 0.4 20081218 10:30:08
> > JTSS_JNI: 0.3.1 20071128 9:44:59
>
> You appear to be using a new jTSS with old version of jTSS wrapper/TrouSerS.
> We just released an experimental upgrade of jTSS Wrapper which should work
> better with TrouSerS 0.3.1cvs.
>
> HTH,
> Martin
From: Ronald T. <ron...@ia...> - 2009-03-10 13:46:46
Attachments:
smime.p7s
Hello Ahmed,

Ahmed Ramadan wrote:
> I have 2 questions.
>
> 1) Is there a way to report the integrity measurement log (IMA) into
> the TPM (emulator) in my case using the jTSS (or even trousers if not
> available through the jTSS) ?

I'll answer the first part..

Since jTSS 0.4, a simple event log implementation is provided, which stores events in a flat file fashion. Our implementation does not cover platform specific requirements such as inclusion of the log files of IBM's IMA. However, the logging class implementation can easily be configured in the tss_tcs.ini file; you could create your own implementation of TcITcsEventMgr that integrates IMA logs. You could also consider handling ACPI-based logging information.

I don't know what kind of integration, if any, TrouSerS offers.

Regards,
Ronald

--
Dipl.-Ing. Ronald Tögl            phone +43 316/873-5502
Trusted Computing Labs           fax +43 316/873-5520
IAIK                             ron...@ia...
Graz University of Technology    http://www.iaik.tugraz.at
From: Martin P. <Mar...@ia...> - 2009-03-10 14:24:52
Attachments:
smime.p7s
Hi...

Ahmed Ramadan wrote:
> 2) I have executed the Quote, the remote attestation server should verify the quote.
> Verifying the quote means that the server recomputes the measurement Log, however I cannot understand how the extend operation work ie.

See TSS specification, description of structure TSS_PCR_EVENT, comment of parameter rgbPcrValue.

HTH,
Martin
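
The extend and log-replay computation discussed in the last two messages, as an added example that is not part of the original thread and is not jTSS or jTpmTools code. The TPM 1.2 extend is PCR_new = SHA-1(PCR_old || digest), so a PCR never equals the plain hash of the measured file. Assumptions: the event digest layout SHA-1(pcrIndex || data || eventType || event) with big-endian 32-bit fields is taken as the content of the specification comment referred to above, the thread does not say whether jtt pcr_extend passes the file or its hash as the data, and the class name, sample input and event type 0 are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;

public class PcrExtendReplay {
    static byte[] sha1(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    static byte[] uint32(int v) { return ByteBuffer.allocate(4).putInt(v).array(); } // big-endian

    // TPM 1.2 extend: the old PCR value is folded into the new one, never overwritten.
    static byte[] extend(byte[] pcr, byte[] digest) throws Exception {
        return sha1(pcr, digest);
    }

    // ASSUMPTION: digest extended for an event = SHA-1(pcrIndex || data || eventType || event).
    static byte[] eventDigest(int pcrIndex, byte[] data, int eventType, byte[] event) throws Exception {
        return sha1(uint32(pcrIndex), data, uint32(eventType), event);
    }

    // Verifier side: start from the reset value (20 zero bytes) and replay the logged digests.
    static byte[] replay(List<byte[]> log) throws Exception {
        byte[] pcr = new byte[20];
        for (byte[] d : log) pcr = extend(pcr, d);
        return pcr;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not the version.txt from the thread.
        byte[] fileHash = sha1("constructed sample contents\n".getBytes(StandardCharsets.UTF_8));
        byte[] none = new byte[0];
        byte[] pcr1 = replay(List.of(eventDigest(1, fileHash, 0, none))); // event type 0: placeholder
        byte[] pcr2 = replay(List.of(eventDigest(2, fileHash, 0, none)));
        System.out.println("file hash: " + hex(fileHash));
        System.out.println("PCR 1    : " + hex(pcr1) + "\nPCR 2    : " + hex(pcr2));
        System.out.println("PCR 1 equals file hash: " + Arrays.equals(pcr1, fileHash));
        System.out.println("PCR 1 equals PCR 2    : " + Arrays.equals(pcr1, pcr2));
        // A log whose data was altered replays to a different value than the quoted PCR.
        byte[] tampered = replay(List.of(eventDigest(1, sha1(new byte[] {0x42}), 0, none)));
        System.out.println("tampered log matches PCR 1: " + Arrays.equals(tampered, pcr1));
    }
}
```

All three comparisons print false: the extend chains the reset value with the digest, and under the assumed layout the PCR index is part of the digest, so the same file gives different values in PCR 1 and PCR 2.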