From: Raja <raj...@ho...> - 2015-06-10 20:15:49
|
Hello,

I am looking for source code for jTssTddlVista.dll. Where can I find it?

Thanks
Raja
|
From: Johannes W. <joh...@ia...> - 2015-06-11 11:01:53
|
Hello,

On 10.06.2015 at 22:15, Raja wrote:
[...]
> Hello,
>
> I am looking for source code for jTssTddlVista.dll. Where can I find it?
>
> Thanks
> Raja
[...]

As far as I know the sources for jTssTddlVista.dll have never been released publicly (for reasons I don't fully understand). Actually that DLL is nothing more than a small JNI wrapper around Windows TBS.

If you are looking for a C# alternative (P/Invoke based), which does not rely on external (non-system) DLLs, have a look at the TPMBaseServices.cs class from "doTSS" [1].

("doTSS" actually was a student project aiming to create a proof-of-concept TPM stack for .NET)

Best,
Johannes

[1] https://github.com/deveck/doTSS/blob/master/tpm_lib/tpm_lowlvl/backends/win32/TPMBaseServices.cs

--
Johannes Winter, IAIK - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Phone: +43 316 873 5578
Fax: +43 316 873 5520
http://www.iaik.tugraz.at/
|
From: Raja <raj...@ho...> - 2015-06-11 18:22:21
|
Hi Johannes,

Thanks again. I don't need the P/Invoke stuff. I already have my own DLL that does that.

I converted jTSS Java code to C#. I wrote my own DLL for tbs_submit_command, because code for jTssTddlVista.dll is not public. With the C#-converted code and my own DLL, I can query TPM version, capabilities, PCR values etc. and they all work. For some reason NVDefineSpace is the only call that fails. The return code I get is 1 on one machine and 34 (0x22) on another machine. This error code is not listed as any TPM related error code.

The reason I am after jTssTddlVista code is I want to see what it is doing that I am not.

Is it possible certain TPM commands must be run under SYSTEM account? I run my code as an admin but that does not help. I wonder if my code should be run under SYSTEM context (from a service).

Thanks
Raja
|
From: Johannes W. <joh...@ia...> - 2015-06-11 19:27:39
|
Hi Raja,

On 11.06.2015 at 20:22, Raja wrote:
[...]
> Hi Johannes,
>
> Thanks again. I don't need the P/Invoke stuff. I already have my own
> DLL that does that.
>
> I converted jTSS Java code to C#. I wrote my own DLL for
> tbs_submit_command, because code for jTssTddlVista.dll is not
> public. With the C#-converted code and my own DLL, I can query TPM
> version, capabilities, PCR values etc. and they all work. For some
> reason NVDefineSpace is the only call that fails. The return code I
> get is 1 on one machine and 34 (0x22) on another machine. This error
> code is not listed as any TPM related error code.
[...]

Where _exactly_ do these return codes (0x1, 0x22) come from?
I assume that the Tbsip_Submit_Command call in your own native DLL returns TBS_SUCCESS (0), right?

To me the two return codes look like the raw TPM result codes from the TPM's response blob. In that case they would be TPM_AUTHFAIL and TPM_INVALID_AUTHHANDLE.

Assuming that your authorization handles and command blobs are correct, both error codes may be hints that something with marshalling of your blobs between C# and your native DLL could be wrong.

Did you already try to run any other TPM commands, like TPM_OwnerReadInternalPub, which require owner authorization?

[...]
> The reason I am after jTssTddlVista code is I want to see what it is
> doing that I am not.
[...]

Apart from JNI related marshalling/unmarshalling the jTssTddlVista code is functionally equivalent to the tpmTransmit function from the "doTSS" project ([2]) mentioned earlier in this thread.

[...]
> Is it possible certain TPM commands must be run under SYSTEM account?
> I run my code as an admin but that does not help. I wonder if my code
> should be run under SYSTEM context (from a service).
[...]

Based on our earlier discussion [1] related to jtt.sh I highly doubt that running in a SYSTEM context would help.

Best,
Johannes

[1] http://sourceforge.net/p/trustedjava/mailman/trustedjava-support/?viewmonth=201503
[2] https://github.com/deveck/doTSS/blob/master/tpm_lib/tpm_lowlvl/backends/win32/TPMBaseServices.cs#L86

--
Johannes Winter, IAIK - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Phone: +43 316 873 5578
Fax: +43 316 873 5520
http://www.iaik.tugraz.at/
|
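Added example, not part of the original thread and not code from jTSS, doTSS or TBS: the message above separates the transport result (Tbsip_Submit_Command returning TBS_SUCCESS) from the TPM's own result code inside the response blob. The C code below decodes the 10-byte TPM 1.2 response header (tag, paramSize, returnCode, all big-endian) and flags the length and byte-order mismatches that a marshalling error between managed and native code would produce. All function and type names are hypothetical, and the sample blobs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TPM 1.2 response header: tag (2), paramSize (4), returnCode (4), big-endian. */
#define TPM_RSP_HEADER_LEN 10u
#define TPM_TAG_RSP_COMMAND 0x00C4u       /* also used for error responses */
#define TPM_TAG_RSP_AUTH2_COMMAND 0x00C6u /* 0x00C5 = AUTH1, 0x00C6 = AUTH2 */

enum parse_status { PARSE_OK, PARSE_TOO_SHORT, PARSE_BAD_TAG, PARSE_SIZE_MISMATCH };
struct tpm_rsp_header { uint16_t tag; uint32_t param_size; uint32_t return_code; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode and sanity-check the header of a blob handed back by the transport. */
enum parse_status parse_tpm_response(const uint8_t *buf, size_t len,
                                     struct tpm_rsp_header *out) {
    if (buf == NULL || out == NULL || len < TPM_RSP_HEADER_LEN) return PARSE_TOO_SHORT;
    out->tag = (uint16_t)(((unsigned)buf[0] << 8) | buf[1]);
    out->param_size = be32(buf + 2);
    out->return_code = be32(buf + 6);
    if (out->tag < TPM_TAG_RSP_COMMAND || out->tag > TPM_TAG_RSP_AUTH2_COMMAND) return PARSE_BAD_TAG;
    /* A buffer length that disagrees with paramSize points at a marshalling bug. */
    if (out->param_size != len) return PARSE_SIZE_MISMATCH;
    return PARSE_OK;
}

/* Only the result codes named in the thread; the full list is in the TPM 1.2 spec. */
const char *tpm_result_name(uint32_t rc) {
    switch (rc) {
    case 0x00: return "TPM_SUCCESS";
    case 0x01: return "TPM_AUTHFAIL";
    case 0x22: return "TPM_INVALID_AUTHHANDLE";
    default:   return "(not in this table)";
    }
}

/* Constructed sample blobs: 10-byte error responses, not captured from a TPM. */
const uint8_t SAMPLE_AUTHFAIL[10]   = {0x00,0xC4, 0,0,0,0x0A, 0,0,0,0x01};
const uint8_t SAMPLE_BAD_HANDLE[10] = {0x00,0xC4, 0,0,0,0x0A, 0,0,0,0x22};

int main(void) {
    struct tpm_rsp_header h;
    if (parse_tpm_response(SAMPLE_BAD_HANDLE, sizeof SAMPLE_BAD_HANDLE, &h) == PARSE_OK)
        printf("TPM result 0x%02X = %s\n", (unsigned)h.return_code, tpm_result_name(h.return_code));
    return 0;
}
```

A blob that parses cleanly and still carries TPM_AUTHFAIL shows the response framing is intact; it does not rule out a problem in the command blob or the authorization values that were sent.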
From: Raja <raj...@ho...> - 2015-06-11 20:32:39
|
Hi Johannes,

Thanks. Yes, Tbsip_Submit_Command always returns 0; those error codes (1 and 34) are from the response blob. So it does look like I have goofed up somewhere. I will report back with what I find.

Thanks and much appreciate your help!!

Raja
|
From: Raja <raj...@ho...> - 2015-06-15 23:00:41
|
Hi Johannes,

I installed Trousers on my test machine to run some tests.

1. NV_DefineSpace using Trousers (tpm_nvdefine.exe) without specifying owner password works just fine.
2. NV_DefineSpace using tpm_nvdefine.exe with owner password failed with Authentication failure error code. (This is perplexing to me).
3. My code (C# port of jTSS) also failed with authentication failure.
4. Java based jTT (NVDefineSpace command) with owner password works just fine.
5. I have some other code that does owner password validation using Win32_Tpm class that works fine for the same password.

So I am not sure what other reasons could contribute to auth failures in Trousers and my C# port of jTSS.

Also IBM released TPM2.0 library. Do you happen to know if that is backward compatible with TPM 1.2?

Thanks
Raja
|