iaik.tc.tss.impl.java.tcs.tcsi
Class TcTcsi

java.lang.Object
  extended by iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi

public class TcTcsi
extends java.lang.Object

This class provides a set of functions making up the TCS interface (TCSI). This interface is the one to be exposed to the TSP. This can be done in several ways ranging from RPC (RMI) to SOAP. For testing, a local procedure call interface might be of interest as well. Note that access to the TPM must be properly synchronized. According to the TCG specification, the TCS is the component for the TSS that is responsible for this synchronization. Since all calls from TSPs (no matter if they were received via SOAP, RMI, ...) have to pass the TCSI implemented in this class, it is the logical point for implementing synchronization. Methods (or data) that are beyond (or more precisely below) the TCSI do not require explicit synchronization since it can safely be assumed that only one thread at a time can be beyond this point.


Constructor Summary
TcTcsi()
           
 
Method Summary
static java.lang.Object[] TcsEstablishTransport(long hContext, long tcsEncKeyHandle, TcTpmTransportPublic transPublic, TcBlobData secret, TcTcsAuth inAuth1)
          TODO (transport): implement Tcsip method signature
static java.lang.Object[] TcsExecuteTransport(long hContext, TcBlobData wrappedCmd, long transHandle, TcTcsAuth inAuth1)
          TODO (transport): implement Tcsip method signature
static long TcsiCloseContext(long hContext)
           
static TcTssKmKeyinfo[] TcsiEnumRegisteredKeys(long hContext, TcTssUuid keyUuid)
          This method allows obtaining an array of TcTssKmKeyinfo structures.
static long TcsiFreeMemory(long hContext, long pMemory)
           
static TcBlobData TcsiGetCapability(long hContext, long capArea, TcBlobData subCap)
           
static java.lang.Object[] TcsiGetCredentials(long hContext)
          This method returns the endorsement, platform, and conformance credentials for a platform.
static TcTssPcrEvent TcsiGetPcrEvent(long hContext, long pcrIndex, long number)
          This method is used to retrieve events logged with TcsiLogPcrEvent(long, TcTssPcrEvent).
static long TcsiGetPcrEventCount(long hContext, long pcrIndex)
          This method returns the number of events logged with TcsiLogPcrEvent(long, TcTssPcrEvent).
static TcTssPcrEvent[] TcsiGetPcrEventLog(long hContext)
          This method returns the event log of all events since the TPM was initialized.
static TcTssPcrEvent[] TcsiGetPcrEventsByPcr(long hContext, long pcrIndex, long firstEvent, long eventCount)
          This method returns an event log bound to a single PCR.
static TcTssKmKeyinfo TcsiGetRegisteredKey(long hContext, TcTssUuid keyUuid)
          This method allows obtaining a TcTssKmKeyinfo structure containing information about the registered key.
static TcBlobData TcsiGetRegisteredKeyBlob(long hContext, TcTssUuid keyUuid)
          This method returns the key blob (either TcTpmKey or TcTpmKey12) of the key with the given UUID.
static TcBlobData TcsiGetRegisteredKeyByPublicInfo(long hContext, long algId, TcBlobData publicInfo)
          This method returns the key blob specified by the publicInfo parameter.
static long TcsiLogPcrEvent(long hContext, TcTssPcrEvent pcrEvent)
          This method adds a new event to the end of the array associated with the named PCR.
static java.lang.Object[] TcsiOpenContext()
           
static java.lang.Object[] TcsipActivateTpmIdentity(long hContext, long tcsIdKeyHandle, TcBlobData blob, TcTcsAuth inKeyAuth, TcTcsAuth inOwnerAuth)
          The purpose of this method is twofold: The first purpose is to obtain assurance that the credential in the TPM_SYM_CA_ATTESTATION is for this TPM.
static java.lang.Object[] TcsipAuthorizeMigrationKey(long hContext, int migrationScheme, TcTpmPubkey migrationKey, TcTcsAuth ownerAuth)
          This method creates an authorization blob to allow the TPM owner to specify which migration facility they will use and allow users to migrate information without further involvement with the TPM owner.
static java.lang.Object[] TcsipCertifyKey(long hContext, long tcsCertHandle, long tcsKeyHandle, TcTpmNonce antiReplay, TcTcsAuth certAuth, TcTcsAuth keyAuth)
          This method allows a key to certify the public portion of certain storage and signing keys.
static java.lang.Object[] TcsipCertifyKey2(long hContext, long tcsCertHandle, long tcsKeyHandle, TcTpmDigest migrationPubDigest, TcTpmNonce antiReplay, TcTcsAuth certAuth, TcTcsAuth keyAuth)
          This method allows a key to certify the public portion of certifiable migratable storage and signing keys.
static java.lang.Object[] TcsipChangeAuth(long hContext, long tcsParentKeyHandle, int protocolID, TcTpmEncauth newAuth, int entityType, TcBlobData encData, TcTcsAuth ownerAuth, TcTcsAuth entityAuth)
          This method allows the owner of an entity to change the authorization data for the entity.
static java.lang.Object[] TcsipChangeAuthAsymFinish(long hContext, long tcsParentKeyHandle, long tcsEphHandle, int entityType, TcTpmDigest newAuthLink, TcBlobData encNewAuth, TcBlobData encData, TcTcsAuth inAuth)
          This method completes the process of changing authorization for an entity.
static java.lang.Object[] TcsipChangeAuthAsymStart(long hContext, long tcsKeyHandle, TcTpmNonce antiReplay, TcTpmKeyParms tempKeyInfo, TcTcsAuth inAuth)
          This method starts the process of changing authorization for an entity.
static java.lang.Object[] TcsipChangeAuthOwner(long hContext, int protocolID, TcTpmEncauth newAuth, int entityType, TcTcsAuth ownerAuth)
          This method allows the owner of an entity to change the authorization data for the TPM owner or the SRK.
static java.lang.Object[] TcsipCmkApproveMA(long hContext, TcTpmDigest migrationAuthorityDigest, TcTcsAuth ownerAuth)
          This command is used to create an authorization ticket, to allow the TPM owner to specify/select one or more migration authorities they approve and allow users to generate CMKs without further involvement of the owner.
static java.lang.Object[] TcsipCmkConvertMigration(long hContext, long tcsParentKeyHandle, TcTpmCmkAuth restrictTicket, TcTpmDigest sigTicket, TcTpmKey12 migratedKey, TcTpmMsaComposite msaList, TcBlobData random, TcTcsAuth parentAuth)
          This command is used as the final step to finish migrating a key to a new TPM.
static java.lang.Object[] TcsipCmkCreateBlob(long hContext, long tcsParentKeyHandle, int migrationType, TcTpmMigrationkeyAuth migrationKeyAuth, TcTpmDigest pubSourceKeyDigest, TcTpmMsaComposite msaList, TcBlobData restrictTicket, TcBlobData sigTicket, TcBlobData encData, TcTcsAuth parentAuth)
          This command is similar to TcsipCreateMigrationBlob, except that it uses migration authority data whose migration data are independent from tpmProof.
static java.lang.Object[] TcsipCmkCreateKey(long hContext, long tcsParentKeyHandle, TcTpmEncauth keyDataUsageAuth, TcTpmDigest migrationAuthorityApproval, TcTpmDigest migrationAuthorityDigest, TcTpmKey12 keyInfo, TcTcsAuth inAuth)
          This command both generates and creates a secure storage bundle for asymmetric keys whose migration is controlled/restricted by a migration authority.
static java.lang.Object[] TcsipCmkCreateTicket(long hContext, TcTpmPubkey pubVerificationKey, TcTpmDigest signedData, TcBlobData signatureValue, TcTcsAuth ownerAuth)
          This owner controlled command uses a public key to verify the signature over a digest.
static java.lang.Object[] TcsipCmkSetRestrictions(long hContext, long restriction, TcTcsAuth ownerAuth)
          This command is used by the owner to order the usage of a CMK with delegated authorization.
static java.lang.Object[] TcsipContinueSelfTest(long hContext)
          This method informs the TPM that it may complete the self test of all TPM functions.
static java.lang.Object[] TcsipConvertMigrationBlob(long hContext, long tcsParentKeyHandle, TcBlobData inData, TcBlobData random, TcTcsAuth parentAuth)
          This method takes a migration blob and creates a normal wrapped blob.
static java.lang.Object[] TcsipCreateCounter(long hContext, TcBlobData label, TcTpmEncauth encAuth, TcTcsAuth ownerAuth)
          This method creates a new counter in the TPM.
static java.lang.Object[] TcsipCreateEndorsementKeyPair(long hContext, TcTpmNonce antiReplay, TcTpmKeyParms keyInfo)
          This method generates the endorsement key pair.
static java.lang.Object[] TcsipCreateMaintenanceArchive(long hContext, boolean generateRandom, TcTcsAuth ownerAuth)
          This method creates a TPM maintenance archive.
static java.lang.Object[] TcsipCreateMigrationBlob(long hContext, long tcsParentKeyHandle, int migrationType, TcTpmMigrationkeyAuth migrationKeyAuth, TcBlobData encData, TcTcsAuth parentAuth, TcTcsAuth entityAuth)
          This method implements the first step in the process of moving a migratable key to a new parent key or platform.
static java.lang.Object[] TcsipCreateRevocableEK(long hContext, TcTpmNonce antiReplay, TcTpmKeyParms keyInfo, boolean generateReset, TcTpmNonce inputEKreset)
          This method generates the revocable endorsement key pair.
static java.lang.Object[] TcsipCreateWrapKey(long hContext, long tcsHParentKey, TcTpmEncauth keyUsageAuth, TcTpmEncauth keyMigrationAuth, TcITpmKeyNew keyInfo, TcTcsAuth inAuth)
          This method allows creating a new key, which is wrapped by the already loaded wrapping key.
static java.lang.Object[] TcsipDaaJoin(long hContext, long handle, short stage, TcBlobData inputData0, TcBlobData inputData1, TcTcsAuth ownerAuth)
          This method executes a TPM DAA join command.
static java.lang.Object[] TcsipDaaSign(long hContext, long handle, short stage, TcBlobData inputData0, TcBlobData inputData1, TcTcsAuth ownerAuth)
          This method executes a TPM DAA sign command.
static java.lang.Object[] TcsipDelegateCreateKeyDelegation(long hContext, long tcsKeyHandle, TcTpmDelegatePublic publicInfo, TcTpmEncauth encDelAuth, TcTcsAuth keyAuth)
          This method is used to delegate the privilege to use a key by creating a blob that can be used by TPM_DSAP.
static java.lang.Object[] TcsipDelegateCreateOwnerDelegation(long hContext, boolean increment, TcTpmDelegatePublic publicInfo, TcTpmEncauth encDelAuth, TcTcsAuth ownerAuth)
          This method is used to delegate owner privileges to use a set of command ordinals by creating a blob.
static java.lang.Object[] TcsipDelegateLoadOwnerDelegation(long hContext, long index, TcTpmDelegateOwnerBlob blob, TcTcsAuth ownerAuth)
          This method is used to load an owner delegation blob into the TPM non-volatile delegation table.
static java.lang.Object[] TcsipDelegateManage(long hContext, long familyID, long opFlag, TcBlobData opData, TcTcsAuth ownerAuth)
          This command is authorized either by the TPM owner or by physical presence.
static java.lang.Object[] TcsipDelegateReadTable(long hContext)
          This command is used to read from the TPM the public contents of the family and delegate tables that are stored on the TPM.
static java.lang.Object[] TcsipDelegateUpdateVerificationCount(long hContext, TcBlobData inputData, TcTcsAuth ownerAuth)
          This method sets the verificationCount in an entity (a blob or a delegation row) to the current family value, in order that the delegations represented by that entity will continue to be accepted by the TPM.
static java.lang.Object[] TcsipDelegateVerifyDelegation(long hContext, TcBlobData delegation)
          This method interprets a delegate blob and returns success or failure, depending on whether the blob is currently valid.
static java.lang.Object[] TcsipDirRead(long hContext, long dirIndex)
          This method provides read access to the Data Integrity Registers.
static java.lang.Object[] TcsipDirWriteAuth(long hContext, long dirIndex, TcTpmDigest newContents, TcTcsAuth inAuth)
          This method provides write access to the Data Integrity Registers.
static java.lang.Object[] TcsipDisableForceClear(long hContext)
          This command disables the execution of the ForceClear command until next startup cycle.
static java.lang.Object[] TcsipDisableOwnerClear(long hContext, TcTcsAuth ownerAuth)
          This command disables the ability to execute the OwnerClear command permanently.
static java.lang.Object[] TcsipDisablePubekRead(long hContext, TcTcsAuth ownerAuth)
          This method returns the public portion of the endorsement key.
static java.lang.Object[] TcsipDSAP(long hContext, int entityType, long tcsKeyHandle, TcTpmNonce nonceOddDSAP, TcBlobData entityValue)
          This method opens a delegated authorization session.
static java.lang.Object[] TcsipEvictKey(long hContext, long tcsKeyHandle)
          This method allows flushing a key from the key cache.
static java.lang.Object[] TcsipExtend(long hContext, long pcrNum, TcTpmDigest inDigest)
          This command causes the modification of a specific PCR register.
static java.lang.Object[] TcsipFieldUpgrade(long hContext, TcBlobData inData, TcTcsAuth ownerAuth)
          This command provides a mechanism that allows a vendor to update the protected capabilities once a TPM is in the field.
static java.lang.Object[] TcsipForceClear(long hContext)
          This method performs the clear operation under physical presence.
static java.lang.Object[] TcsipGetAuditDigest(long hContext, long startOrdinal)
          This method gets the digest of audited ordinals.
static java.lang.Object[] TcsipGetAuditDigestSigned(long hContext, long tcsKeyHandle, boolean closeAudit, TcTpmNonce antiReplay, TcTcsAuth inAuth)
          This method gets the signed digest of audited ordinals.
static java.lang.Object[] TcsipGetCapability(long hContext, long capArea, TcBlobData subCap)
          This method allows the TPM to report back to the requestor what type of TPM it is dealing with.
static java.lang.Object[] TcsipGetCapabilityOwner(long hContext, TcTcsAuth ownerAuth)
          This method enables the TPM owner to retrieve information belonging to the TPM owner.
static java.lang.Object[] TcsipGetPubKey(long hContext, long tcsKeyHandle, TcTcsAuth inAuth)
          This method allows obtaining the public key data of a key loaded in the TPM.
static java.lang.Object[] TcsipGetRandom(long hContext, long bytesRequested)
          This method returns the next bytesRequested bytes from the random number generator to the caller.
static java.lang.Object[] TcsipGetTestResult(long hContext)
          This method provides manufacturer specific information regarding the results of the self-test.
static java.lang.Object[] TcsipIfxReadTpm11EkCert(long hContext, byte index, TcBlobData antiReplay)
          Vendor specific for Infineon 1.1b TPMs.
static java.lang.Object[] TcsipIncrementCounter(long hContext, long countID, TcTcsAuth counterAuth)
          This method selects a counter if one has not yet been selected, and increments that counter register.
static void TcsipKeyControlOwner(long hContext, long tcsKeyHandle, long attribName, long attribValue, TcTcsAuth ownerAuth, TcTssUuid uuidData)
          Tcsip_KeyControlOwner controls attributes of a loaded key.
static java.lang.Object[] TcsipKillMaintenanceFeature(long hContext, TcTcsAuth ownerAuth)
          This method is a permanent action that prevents ANYONE from creating a TPM maintenance archive until a new TPM owner is set.
static java.lang.Object[] TcsipLoadKey2ByBlob(long hContext, long tcsUnwrappingKey, TcITpmKey wrappedKeyBlob, TcTcsAuth inAuth)
           
static java.lang.Object[] TcsipLoadKeyByBlob(long hContext, long hUnwrappingKey, TcTpmKey wrappedKeyBlob, TcTcsAuth inAuth)
           
static long TcsipLoadKeyByUuid(long hContext, TcTssUuid keyUuid, TcTcsLoadkeyInfo loadKeyInfo)
           
static java.lang.Object[] TcsipLoadMaintenanceArchive(long hContext, TcBlobData inData, TcTcsAuth ownerAuth)
          This method loads a TPM maintenance archive that has been massaged by the manufacturer to load into another TPM.
static java.lang.Object[] TcsipLoadManuMaintPub(long hContext, TcTpmNonce antiReplay, TcTpmPubkey pubKey)
          This method loads the TPM manufacturer's public key for use in the maintenance process.
static java.lang.Object[] TcsipMakeIdentity(long hContext, TcTpmEncauth identityAuth, TcTpmDigest labelPrivCADigest, TcITpmKeyNew idKeyParams, TcTcsAuth inAuth1, TcTcsAuth inAuth2)
          This method allows creating a TPM identity and additionally returns the endorsement credential, the platform credential and the conformance credential.
static java.lang.Object[] TcsipMakeIdentity2(long hContext, TcTpmEncauth identityAuth, TcTpmDigest labelPrivCADigest, TcITpmKeyNew idKeyParams, TcTcsAuth inAuth1, TcTcsAuth inAuth2)
          This method performs the TPM operations necessary to create an identity key.
static java.lang.Object[] TcsipMigrateKey(long hContext, long tcsMaKeyHandle, TcTpmPubkey pubKey, TcBlobData inData, TcTcsAuth ownerAuth)
          This method performs the function of a migration authority.
static java.lang.Object[] TcsipNvDefineOrReleaseSpace(long hContext, TcTpmNvDataPublic pubInfo, TcTpmEncauth encAuth, TcTcsAuth inAuth)
          This command sets aside space in the TPM NVRAM and defines the access requirements necessary to read and write that space.
static java.lang.Object[] TcsipNvReadValue(long hContext, long nvIndex, long offset, long dataSz, TcTcsAuth inAuth1)
          This method reads a value from the NV store.
static java.lang.Object[] TcsipNvReadValueAuth(long hContext, long nvIndex, long offset, long dataLength, TcTcsAuth inAuth)
          This method reads a value from the NV store.
static java.lang.Object[] TcsipNvWriteValue(long hContext, long nvIndex, long offset, TcBlobData data, TcTcsAuth inAuth)
          This command writes the value to a defined area.
static java.lang.Object[] TcsipNvWriteValueAuth(long hContext, long nvIndex, long offset, TcBlobData data, TcTcsAuth inAuth)
          This command writes a previously defined area.
static java.lang.Object[] TcsipOIAP(long hContext)
          This method allows the creation of an authorization handle and the tracking of the handle by the TPM.
static java.lang.Object[] TcsipOSAP(long hContext, int entityType, long entityValue, TcTpmNonce nonceOddOSAP)
          This method creates the authorization handle, the shared secret and generates nonceEven and nonceEvenOSAP.
static java.lang.Object[] TcsipOwnerClear(long hContext, TcTcsAuth ownerAuth)
          This command clears the TPM under owner authorization.
static java.lang.Object[] TcsipOwnerReadInternalPub(long hContext, long tcsKeyHandle, TcTcsAuth inAuth)
          This method allows the TPM owner to read the public SRK key or the internal public EK key.
static java.lang.Object[] TcsipOwnerReadPubek(long hContext, TcTcsAuth ownerAuth)
          This method allows the TPM owner to read the public endorsement key.
static java.lang.Object[] TcsipOwnerSetDisable(long hContext, boolean disableState, TcTcsAuth ownerAuth)
          This method is used to change the status of the TPM_PERSISTENT_DISABLE flag.
static java.lang.Object[] TcsipPcrRead(long hContext, long pcrNum)
          This method provides a non-cryptographic reporting of the contents of a named PCR.
static java.lang.Object[] TcsipPcrReset(long hContext, TcTpmPcrSelection pcrSelection)
          This method resets a PCR register.
static java.lang.Object[] TcsipPhysicalDisable(long hContext)
          This method disables the TPM physical presence.
static java.lang.Object[] TcsipPhysicalEnable(long hContext)
          This method enables the TPM physical presence.
static java.lang.Object[] TcsipPhysicalPresence(long hContext, int physicalPresence)
          This method sets the physical presence flags.
static java.lang.Object[] TcsipPhysicalSetDeactivated(long hContext, boolean state)
          This method sets the TPM_PERSISTENT_FLAGS.deactivated flag to the value in the state parameter.
static java.lang.Object[] TcsipQuote(long hContext, long tcsKeyHandle, TcTpmNonce antiReplay, TcTpmPcrSelection targetPCR, TcTcsAuth inAuth)
          This command provides cryptographic reporting of PCR values.
static java.lang.Object[] TcsipQuote2(long hContext, long tcsKeyHandle, TcTpmNonce antiReplay, TcTpmPcrSelection targetPCR, boolean addVersion, TcTcsAuth inAuth)
          This command provides cryptographic reporting of PCR values.
static java.lang.Object[] TcsipReadCounter(long hContext, long countID)
          This method reads the current value of a counter register.
static java.lang.Object[] TcsipReadCurrentTicks(long hContext)
          This method reads the current tick out of the TPM.
static java.lang.Object[] TcsipReadManuMaintPub(long hContext, TcTpmNonce antiReplay)
          This command is used to check whether the manufacturer's public maintenance key in a TPM has the expected value.
static java.lang.Object[] TcsipReadPubek(long hContext, TcTpmNonce antiReplay)
          This method returns the public portion of the endorsement key.
static java.lang.Object[] TcsipReleaseCounter(long hContext, long countID, TcTcsAuth counterAuth)
          This method releases a counter so that no reads or increments of the indicated counter will succeed.
static java.lang.Object[] TcsipReleaseCounterOwner(long hContext, long countID, TcTcsAuth ownerAuth)
          This method releases a counter so that no reads or increments of the indicated counter will succeed.
static java.lang.Object[] TcsipResetLockValue(long hContext, TcTcsAuth ownerAuth)
          Resets the lock that gets set in a TPM after multiple false authorization attempts.
static java.lang.Object[] TcsipRevokeEndorsementKeyPair(long hContext, TcTpmNonce ekReset)
          This method clears the TPM revocable endorsement key pair.
static java.lang.Object[] TcsipSeal(long hContext, long tcsKeyHandle, TcTpmEncauth encAuth, TcITpmPcrInfo pcrInfo, TcBlobData inData, TcTcsAuth inAuth)
          This method allows software to explicitly state the future trusted configuration that the platform must be in for the secret to be revealed.
static java.lang.Object[] TcsipSealx(long hContext, long tcsKeyHandle, TcTpmEncauth encAuth, TcTpmPcrInfoLong pcrInfo, TcBlobData inData, TcTcsAuth inAuth)
          This method allows software to explicitly state the future trusted configuration that the platform must be in for the secret to be revealed.
static java.lang.Object[] TcsipSelfTestFull(long hContext)
          This method triggers a test of all TPM protected capabilities.
static java.lang.Object[] TcsipSetCapability(long hContext, long capArea, TcBlobData subCap, TcBlobData value, TcTcsAuth ownerAuth)
          This method allows the caller to set values in the TPM.
static java.lang.Object[] TcsipSetOperatorAuth(long hContext, TcTpmSecret operatorAuth)
          Sets the operator authorization value for the platform.
static java.lang.Object[] TcsipSetOrdinalAuditStatus(long hContext, TcTcsAuth ownerAuth, long ordinalToAudit, boolean auditState)
          This command sets the audit flag for a given ordinal.
static java.lang.Object[] TcsipSetOwnerInstall(long hContext, boolean state)
          This method determines if the TPM has a current owner.
static java.lang.Object[] TcsipSetRedirection(long hContext, long tcsKeyHandle, long redirCmd, TcBlobData inputData, TcTcsAuth inAuth)
          Redirected keys enable the output of a TPM to be directed to non-TCG security functions in the platform, without exposing that output to non-security functions.
static java.lang.Object[] TcsipSetTempDeactivated(long hContext, TcTcsAuth operatorAuth)
          This method sets the TPM_VOLATILE_FLAGS.deactivated to the value TRUE which temporarily deactivates the TPM.
static java.lang.Object[] TcsipSetTempDeactivatedNoAuth(long hContext)
          This method sets the TPM_VOLATILE_FLAGS.deactivated to the value TRUE which temporarily deactivates the TPM.
static java.lang.Object[] TcsipSign(long hContext, long tcsKeyHandle, TcBlobData areaToSign, TcTcsAuth inAuth)
          This method signs a digest and returns the resulting digital signature.
static java.lang.Object[] TcsipStirRandom(long hContext, TcBlobData inData)
          This method adds entropy to the RNG state.
static java.lang.Object[] TcsipTakeOwnership(long hContext, int protocolID, TcBlobData encOwnerAuth, TcBlobData encSrkAuth, TcITpmKeyNew srkParams, TcTcsAuth inAuth)
          This method inserts the Owner-authorization data and creates a new Storage Root Key (SRK).
static java.lang.Object[] TcsipTerminateHandle(long hContext, long handle)
          This method allows the TPM driver to clear out information in an authorization handle.
static java.lang.Object[] TcsipTickStampBlob(long hContext, long keyHandle, TcTpmNonce antiReplay, TcTpmDigest digestToStamp, TcTcsAuth privAuth)
          This method is similar to a time stamp: it associates a tick value with a blob, indicating that the blob existed at some point earlier than the time corresponding to the tick value.
static java.lang.Object[] TcsipUnBind(long hContext, long tcsKeyHandle, TcBlobData inData, TcTcsAuth inAuth)
          This method takes the data blob that is the result of a bind command and decrypts it for export to the user.
static java.lang.Object[] TcsipUnseal(long hContext, long tcsKeyHandle, TcITpmStoredData inData, TcTcsAuth keyAuth, TcTcsAuth dataAuth)
          This method will reveal sealed data only if it was encrypted on this platform and the current configuration (defined by the named PCRs) is the one named as qualified to decrypt it.
static void TcsiRegisterKey(long hContext, TcTssUuid wrappingKeyUuid, TcTssUuid keyUuid, TcBlobData key, TcBlobData vendorData)
          Tcsi_RegisterKey allows registering a key in the TCS Persistent Storage (PS).
static void TcsiUnregisterKey(long hContext, TcTssUuid keyUuid)
          A key once registered in the TCS PS can be unregistered from the PS, if that key is not required any longer.
static java.lang.Object[] TcsReleaseTransportSigned(long hContext, long tcsKeyHandle, TcTpmNonce antiReplay, long transHandle, TcTcsAuth inAuth1, TcTcsAuth inAuth2)
          TODO (transport): implement Tcsip method signature
static java.lang.Object[] TcsSHA1Complete(long hContext, TcBlobData hashData)
           
static java.lang.Object[] TcsSHA1CompleteExtend(long hContext, long pcrNum, TcBlobData hashData)
           
static java.lang.Object[] TcsSHA1Start(long hContext)
           
static java.lang.Object[] TcsSHA1Update(long hContext, long numBytes, TcBlobData hashData)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TcTcsi

public TcTcsi()
Method Detail

TcsiOpenContext

public static java.lang.Object[] TcsiOpenContext()

TcsiCloseContext

public static long TcsiCloseContext(long hContext)
                             throws TcTcsException,
                                    TcTpmException,
                                    TcTddlException
Throws:
TcTcsException
TcTpmException
TcTddlException

TcsiFreeMemory

public static long TcsiFreeMemory(long hContext,
                                  long pMemory)
                           throws TcTcsException
Throws:
TcTcsException

TcsiGetCapability

public static TcBlobData TcsiGetCapability(long hContext,
                                           long capArea,
                                           TcBlobData subCap)
                                    throws TcTcsException
Throws:
TcTcsException

TcsiLogPcrEvent

public static long TcsiLogPcrEvent(long hContext,
                                   TcTssPcrEvent pcrEvent)
                            throws TcTcsException
This method adds a new event to the end of the array associated with the named PCR. This command adds supporting information for the named TcTssPcrEvent event to the end of the event log. The TCS MUST maintain an array of event-supporting data with events identified by the register to which they belong and the order in which the events occurred. The log need not be in a TCG-shielded location, and the Tcsi_LogPcrEvent action need not be a TCG-protected capability.

Parameters:
hContext - Handle to established context.
pcrEvent - Details of the event being logged.
Returns:
The number of the event just logged is returned in this variable. The TCS numbers events for each PCR monotonically from 0.
Throws:
TcTcsException

TcsiGetPcrEvent

public static TcTssPcrEvent TcsiGetPcrEvent(long hContext,
                                            long pcrIndex,
                                            long number)
                                     throws TcTcsException
This method is used to retrieve events logged with TcsiLogPcrEvent(long, TcTssPcrEvent). This method need not be a protected capability, and the log events retrieved need not be in a shielded location. The command retrieves events previously logged using TcsiLogPcrEvent(long, TcTssPcrEvent). The format of the data returned is identical to that previously logged. This operation retrieves log entries by PCR index and event number. On TCS initialization the event log for each PCR is empty. Then, for each PCR, the first event logged is numbered 0; the next is numbered 1, and so on. Attempts to receive log items beyond the end of the log return an error.

Parameters:
hContext - Handle to the established context.
pcrIndex - The index of the PCR.
number - The number of the event required. Events are numbered from 0 to the number of events logged on the named PCR.
Returns:
TcTssPcrEvent holding the retrieved event.
Throws:
TcTcsException

TcsiGetPcrEventCount

public static long TcsiGetPcrEventCount(long hContext,
                                        long pcrIndex)
                                 throws TcTcsException
This method returns the number of events logged with TcsiLogPcrEvent(long, TcTssPcrEvent).

Parameters:
hContext - Handle to the established context.
pcrIndex - The index of the PCR.
Returns:
The number of elements found matching the given criteria.
Throws:
TcTcsException

TcsiGetPcrEventsByPcr

public static TcTssPcrEvent[] TcsiGetPcrEventsByPcr(long hContext,
                                                    long pcrIndex,
                                                    long firstEvent,
                                                    long eventCount)
                                             throws TcTcsException
This method returns an event log bound to a single PCR. The event log is returned as an ordered sequence of TcTssPcrEvent structures. The caller can limit the size of the returned array using eventCount. The caller can also specify the number of the first event on the returned event log using firstEvent. This allows the caller to retrieve the event log step by step, or to retrieve a partial event log when required. The array elements are of variable size, and the TcTssPcrEvent structure defines the size of the current event and the register with which it is associated.

Parameters:
hContext - Handle to the established context.
pcrIndex - The index of the PCR.
firstEvent - The number of the first event in the returned array.
eventCount - The maximum number of events to return. Set to -1 to return all events for the PCR.
Returns:
The event array as defined by the parameters.
Throws:
TcTcsException

TcsiGetPcrEventLog

public static TcTssPcrEvent[] TcsiGetPcrEventLog(long hContext)
                                          throws TcTcsException
This method returns the event log of all events since the TPM was initialized. The event log is returned as an ordered sequence of TcTssPcrEvent structures in the following order: all events bound to PCR 0 (in the order they have arrived), all events bound to PCR 1 (in the order they have arrived), etc. If the event log is empty, an empty array is returned.

Parameters:
hContext - Handle to the established context.
Returns:
Array holding all the events collected up to this point.
Throws:
TcTcsException

TcsiRegisterKey

public static void TcsiRegisterKey(long hContext,
                                   TcTssUuid wrappingKeyUuid,
                                   TcTssUuid keyUuid,
                                   TcBlobData key,
                                   TcBlobData vendorData)
                            throws TcTssException
Tcsi_RegisterKey allows registering a key in the TCS Persistent Storage (PS). Only system specific keys (keys definitely bound to a certain system) should be registered in TCS PS. A key can be registered in TCS PS by providing: a) A UUID for that key, b) A UUID for its wrapping parent key and c) The key blob itself. If the same UUID is used to register a key on different systems this key can be addressed on different systems by the same UUID. This may be done for a basic roaming key, which will wrap all user storage keys in the appropriate key hierarchy.

Parameters:
hContext - Handle to established context.
wrappingKeyUuid - UUID of the already registered wrapping parent key.
keyUuid - Id of the key to be registered.
key - The key blob to be stored in the persistent storage.
vendorData - Vendor specific data (currently ignored).
Throws:
TcTssException

TcsiUnregisterKey

public static void TcsiUnregisterKey(long hContext,
                                     TcTssUuid keyUuid)
                              throws TcTssException
A key once registered in the TCS PS can be unregistered from the PS, if that key is not required any longer.

Parameters:
hContext - Handle to established context.
keyUuid - UUID by which the key is registered.
Throws:
TcTssException

TcsipKeyControlOwner

public static void TcsipKeyControlOwner(long hContext,
                                        long tcsKeyHandle,
                                        long attribName,
                                        long attribValue,
                                        TcTcsAuth ownerAuth,
                                        TcTssUuid uuidData)
                                 throws TcTcsException
Tcsip_KeyControlOwner controls attributes of a loaded key. This command requires owner authorization.

Parameters:
hContext - Handle to established context.
tcsKeyHandle - Application key handle.
attribName - Attribute name.
attribValue - Attribute value.
ownerAuth - Owner authorization session data.
uuidData - The UUID under which the key was registered as a TPM resident key.
Throws:
TcTcsException

TcsiEnumRegisteredKeys

public static TcTssKmKeyinfo[] TcsiEnumRegisteredKeys(long hContext,
                                                      TcTssUuid keyUuid)
                                               throws TcTssException
This method allows obtaining an array of TcTssKmKeyinfo structures. This information reflects the registered key hierarchy. The caller will receive information of the whole key hierarchy. The keys stored in the persistent storage are totally independent from either the context provided in the function call or the context, which was provided while processing the key registration.

Parameters:
hContext - Handle to established context.
keyUuid - UUID of the key whose key hierarchy should be returned. If NULL, the whole key hierarchy will be returned.
Returns:
Array of TcTssKmKeyinfo structures
Throws:
TcTssException

TcsiGetRegisteredKey

public static TcTssKmKeyinfo TcsiGetRegisteredKey(long hContext,
                                                  TcTssUuid keyUuid)
                                           throws TcTssException
This method allows obtaining a TcTssKmKeyinfo structure containing information about the registered key.

Parameters:
hContext - Handle to established context.
keyUuid - UUID of the key for which information is required.
Returns:
TcTssKmKeyinfo structure
Throws:
TcTssException

TcsiGetRegisteredKeyBlob

public static TcBlobData TcsiGetRegisteredKeyBlob(long hContext,
                                                  TcTssUuid keyUuid)
                                           throws TcTssException
This method returns the key blob (either TcTpmKey or TcTpmKey12) of the key with the given UUID.

Parameters:
hContext - Handle to established context.
keyUuid - UUID of the key to be returned.
Returns:
TcBlobData (either TcTpmKey or TcTpmKey12)
Throws:
TcTssException

TcsiGetRegisteredKeyByPublicInfo

public static TcBlobData TcsiGetRegisteredKeyByPublicInfo(long hContext,
                                                          long algId,
                                                          TcBlobData publicInfo)
                                                   throws TcTssException
This method returns the key blob specified by the publicInfo parameter. Note that the publicInfo parameter is the public part of a key (an instance of TcTpmStorePubkey).

Parameters:
hContext - Handle to established context.
algId - Algorithm ID for public key.
publicInfo - Public key.
Returns:
TcBlobData (either TcTpmKey or TcTpmKey12)
Throws:
TcTssException

TcsipLoadKeyByUuid

public static long TcsipLoadKeyByUuid(long hContext,
                                      TcTssUuid keyUuid,
                                      TcTcsLoadkeyInfo loadKeyInfo)
                               throws TcTssException
Parameters:
hContext -
keyUuid - The UUID of the key to be loaded.
loadKeyInfo - Information required to load a key if authorization is required.
Returns:
The TCS key handle of the loaded key.
Throws:
TcTssException

TcsipLoadKeyByBlob

public static java.lang.Object[] TcsipLoadKeyByBlob(long hContext,
                                                    long hUnwrappingKey,
                                                    TcTpmKey wrappedKeyBlob,
                                                    TcTcsAuth inAuth)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsipLoadKey2ByBlob

public static java.lang.Object[] TcsipLoadKey2ByBlob(long hContext,
                                                     long tcsUnwrappingKey,
                                                     TcITpmKey wrappedKeyBlob,
                                                     TcTcsAuth inAuth)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsipEvictKey

public static java.lang.Object[] TcsipEvictKey(long hContext,
                                               long tcsKeyHandle)
                                        throws TcTddlException,
                                               TcTpmException,
                                               TcTcsException
This method flushes a key from the key cache.

Parameters:
hContext - The context the call is associated with.
tcsKeyHandle - The TCS key handle of the key to be evicted.
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipOwnerReadInternalPub

public static java.lang.Object[] TcsipOwnerReadInternalPub(long hContext,
                                                           long tcsKeyHandle,
                                                           TcTcsAuth inAuth)
                                                    throws TcTddlException,
                                                           TcTpmException,
                                                           TcTcsException
This method allows the TPM owner to read the public SRK key or the internal public EK key.

Parameters:
hContext -
tcsKeyHandle -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipGetPubKey

public static java.lang.Object[] TcsipGetPubKey(long hContext,
                                                long tcsKeyHandle,
                                                TcTcsAuth inAuth)
                                         throws TcTddlException,
                                                TcTpmException,
                                                TcTcsException
This method allows obtaining the public key data of a key loaded in the TPM. This information may have privacy concerns so the command must have authorization from the key owner.

Parameters:
hContext -
tcsKeyHandle -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCreateWrapKey

public static java.lang.Object[] TcsipCreateWrapKey(long hContext,
                                                    long tcsHParentKey,
                                                    TcTpmEncauth keyUsageAuth,
                                                    TcTpmEncauth keyMigrationAuth,
                                                    TcITpmKeyNew keyInfo,
                                                    TcTcsAuth inAuth)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method allows creating a new key, which is wrapped by the already loaded wrapping key.

Parameters:
hContext -
tcsHParentKey -
keyUsageAuth -
keyMigrationAuth -
keyInfo -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipMakeIdentity2

public static java.lang.Object[] TcsipMakeIdentity2(long hContext,
                                                    TcTpmEncauth identityAuth,
                                                    TcTpmDigest labelPrivCADigest,
                                                    TcITpmKeyNew idKeyParams,
                                                    TcTcsAuth inAuth1,
                                                    TcTcsAuth inAuth2)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method performs the TPM operations necessary to create an identity key. It is identical to TcsipMakeIdentity except that it does not return the associated credentials. This can be used in conjunction with TcsipGetCredentials to duplicate the functionality of TcsipMakeIdentity.

Parameters:
hContext -
identityAuth -
labelPrivCADigest -
idKeyParams -
inAuth1 -
inAuth2 -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipMakeIdentity

public static java.lang.Object[] TcsipMakeIdentity(long hContext,
                                                   TcTpmEncauth identityAuth,
                                                   TcTpmDigest labelPrivCADigest,
                                                   TcITpmKeyNew idKeyParams,
                                                   TcTcsAuth inAuth1,
                                                   TcTcsAuth inAuth2)
                                            throws TcTddlException,
                                                   TcTpmException,
                                                   TcTcsException
This method allows creating a TPM identity and additionally returns the endorsement credential, the platform credential and the conformance credential. The storage of these three credentials is TCS vendor specific. For Infineon 1.1 TPMs, the EK credential is contained in the chip, from which it is extracted by this method. For 1.2 TPMs, the EK credential is stored in the NV storage. If the TPM is a 1.2 TPM, this method tries to read the EK credential from the NV storage.

Parameters:
hContext -
identityAuth -
labelPrivCADigest -
idKeyParams -
inAuth1 -
inAuth2 -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsiGetCredentials

public static java.lang.Object[] TcsiGetCredentials(long hContext)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method returns the endorsement, platform, and conformance credentials for a platform. These are the same credentials returned by Tcsip_MakeIdentity; however this function only returns the credentials, it does not create an identity key. This function is intended to allow the TSP to retrieve the credentials when an identity key is created by a method other than TcsipMakeIdentity.
Implementation note: If possible (i.e. for Infineon 1.1 and 1.2 TPMs) the EK certificate is read directly from the TPM.

Parameters:
hContext -
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsipSelfTestFull

public static java.lang.Object[] TcsipSelfTestFull(long hContext)
                                            throws TcTddlException,
                                                   TcTpmException,
                                                   TcTcsException
This method triggers a test of all TPM protected capabilities.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipContinueSelfTest

public static java.lang.Object[] TcsipContinueSelfTest(long hContext)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
This method informs the TPM that it may complete the self test of all TPM functions.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipGetTestResult

public static java.lang.Object[] TcsipGetTestResult(long hContext)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method provides manufacturer specific information regarding the results of the self-test. This command will work when the TPM is in self-test failure mode.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSetOwnerInstall

public static java.lang.Object[] TcsipSetOwnerInstall(long hContext,
                                                      boolean state)
                                               throws TcTddlException,
                                                      TcTpmException,
                                                      TcTcsException
This method determines if the TPM has a current owner. The TPM validates the assertion of physical access and then sets the value of TPM_PERSISTENT_FLAGS.ownership to the value in the state.

Parameters:
hContext -
state -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipOwnerSetDisable

public static java.lang.Object[] TcsipOwnerSetDisable(long hContext,
                                                      boolean disableState,
                                                      TcTcsAuth ownerAuth)
                                               throws TcTddlException,
                                                      TcTpmException,
                                                      TcTcsException
This method is used to change the status of the TPM_PERSISTENT_DISABLE flag.

Parameters:
hContext -
disableState -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipPhysicalEnable

public static java.lang.Object[] TcsipPhysicalEnable(long hContext)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
This method enables the TPM physical presence.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipPhysicalDisable

public static java.lang.Object[] TcsipPhysicalDisable(long hContext)
                                               throws TcTddlException,
                                                      TcTpmException,
                                                      TcTcsException
This method disables the TPM physical presence.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipPhysicalSetDeactivated

public static java.lang.Object[] TcsipPhysicalSetDeactivated(long hContext,
                                                             boolean state)
                                                      throws TcTddlException,
                                                             TcTpmException,
                                                             TcTcsException
This method sets the TPM_PERSISTENT_FLAGS.deactivated flag to the value in the state parameter.

Parameters:
hContext -
state -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSetTempDeactivated

public static java.lang.Object[] TcsipSetTempDeactivated(long hContext,
                                                         TcTcsAuth operatorAuth)
                                                  throws TcTddlException,
                                                         TcTpmException,
                                                         TcTcsException
This method sets the TPM_VOLATILE_FLAGS.deactivated to the value TRUE which temporarily deactivates the TPM.

Parameters:
hContext -
operatorAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSetTempDeactivatedNoAuth

public static java.lang.Object[] TcsipSetTempDeactivatedNoAuth(long hContext)
                                                        throws TcTddlException,
                                                               TcTpmException,
                                                               TcTcsException
This method sets the TPM_VOLATILE_FLAGS.deactivated to the value TRUE which temporarily deactivates the TPM. This command requires physical presence.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSetOperatorAuth

public static java.lang.Object[] TcsipSetOperatorAuth(long hContext,
                                                      TcTpmSecret operatorAuth)
                                               throws TcTddlException,
                                                      TcTpmException,
                                                      TcTcsException
Sets the operator authorization value for the platform.

Parameters:
hContext -
operatorAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipTakeOwnership

public static java.lang.Object[] TcsipTakeOwnership(long hContext,
                                                    int protocolID,
                                                    TcBlobData encOwnerAuth,
                                                    TcBlobData encSrkAuth,
                                                    TcITpmKeyNew srkParams,
                                                    TcTcsAuth inAuth)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method inserts the Owner-authorization data and creates a new Storage Root Key (SRK). This function fails if there is already a TPM owner set. After inserting the authorization data, this function creates the SRK. To validate that the operation completes successfully, the TPM HMACs the response.

Parameters:
hContext -
protocolID -
encOwnerAuth -
encSrkAuth -
srkParams -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipOwnerClear

public static java.lang.Object[] TcsipOwnerClear(long hContext,
                                                 TcTcsAuth ownerAuth)
                                          throws TcTddlException,
                                                 TcTpmException,
                                                 TcTcsException
This command clears the TPM under owner authorization.

Parameters:
hContext -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipForceClear

public static java.lang.Object[] TcsipForceClear(long hContext)
                                          throws TcTddlException,
                                                 TcTpmException,
                                                 TcTcsException
This method performs the clear operation under physical presence.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDisableOwnerClear

public static java.lang.Object[] TcsipDisableOwnerClear(long hContext,
                                                        TcTcsAuth ownerAuth)
                                                 throws TcTddlException,
                                                        TcTpmException,
                                                        TcTcsException
This command disables the ability to execute the OwnerClear command permanently.

Parameters:
hContext -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDisableForceClear

public static java.lang.Object[] TcsipDisableForceClear(long hContext)
                                                 throws TcTddlException,
                                                        TcTpmException,
                                                        TcTcsException
This command disables the execution of the ForceClear command until next startup cycle.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipPhysicalPresence

public static java.lang.Object[] TcsipPhysicalPresence(long hContext,
                                                       int physicalPresence)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
This method sets the physical presence flags.

Parameters:
hContext -
physicalPresence -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipGetCapability

public static java.lang.Object[] TcsipGetCapability(long hContext,
                                                    long capArea,
                                                    TcBlobData subCap)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method allows the TPM to report back to the requestor what type of TPM it is dealing with.

Parameters:
hContext -
capArea -
subCap -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSetCapability

public static java.lang.Object[] TcsipSetCapability(long hContext,
                                                    long capArea,
                                                    TcBlobData subCap,
                                                    TcBlobData value,
                                                    TcTcsAuth ownerAuth)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method allows the caller to set values in the TPM. Information about the capArea and subCap is transmitted to the TPM without any interpretation by the TCS. The TPM will return an appropriate error on wrong values.

Parameters:
hContext -
capArea -
subCap -
value -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipGetCapabilityOwner

public static java.lang.Object[] TcsipGetCapabilityOwner(long hContext,
                                                         TcTcsAuth ownerAuth)
                                                  throws TcTddlException,
                                                         TcTpmException,
                                                         TcTcsException
This method enables the TPM owner to retrieve information belonging to the TPM owner.

Parameters:
hContext -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipGetAuditDigest

public static java.lang.Object[] TcsipGetAuditDigest(long hContext,
                                                     long startOrdinal)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
This method gets the digest of audited ordinals.

Parameters:
hContext -
startOrdinal -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipGetAuditDigestSigned

public static java.lang.Object[] TcsipGetAuditDigestSigned(long hContext,
                                                           long tcsKeyHandle,
                                                           boolean closeAudit,
                                                           TcTpmNonce antiReplay,
                                                           TcTcsAuth inAuth)
                                                    throws TcTddlException,
                                                           TcTpmException,
                                                           TcTcsException
This method gets the signed digest of audited ordinals.

Parameters:
hContext -
tcsKeyHandle -
closeAudit -
antiReplay -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSetOrdinalAuditStatus

public static java.lang.Object[] TcsipSetOrdinalAuditStatus(long hContext,
                                                            TcTcsAuth ownerAuth,
                                                            long ordinalToAudit,
                                                            boolean auditState)
                                                     throws TcTddlException,
                                                            TcTpmException,
                                                            TcTcsException
This command sets the audit flag for a given ordinal. This command requires owner authorization.

Parameters:
hContext -
ordinalToAudit -
auditState -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipFieldUpgrade

public static java.lang.Object[] TcsipFieldUpgrade(long hContext,
                                                   TcBlobData inData,
                                                   TcTcsAuth ownerAuth)
                                            throws TcTddlException,
                                                   TcTpmException,
                                                   TcTcsException
This command provides a mechanism that allows a vendor to update the protected capabilities once a TPM is in the field. Note that this command is vendor specific!

Parameters:
hContext -
inData -
ownerAuth -
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsipSetRedirection

public static java.lang.Object[] TcsipSetRedirection(long hContext,
                                                     long tcsKeyHandle,
                                                     long redirCmd,
                                                     TcBlobData inputData,
                                                     TcTcsAuth inAuth)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
Redirected keys enable the output of a TPM to be directed to non-TCG security functions in the platform, without exposing that output to non-security functions. It sometimes is desirable to direct the TPM's output to specific platform functions without exposing that output to other platform functions. To enable this, the key in a leaf node of the TCG protected storage can be tagged as a "redirected" key. Any plaintext output data secured by a redirected key is passed by the TPM directly to specific platform functions and is not interpreted by the TPM. Since redirection can only affect leaf keys, redirection applies to: Unbind, Unseal, Quote and Sign.

Parameters:
hContext -
tcsKeyHandle -
redirCmd -
inputData -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipResetLockValue

public static java.lang.Object[] TcsipResetLockValue(long hContext,
                                                     TcTcsAuth ownerAuth)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
Resets the lock that gets set in a TPM after multiple false authorization attempts. This is used to prevent hammering attacks. This command requires owner authorization.

Parameters:
hContext -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSeal

public static java.lang.Object[] TcsipSeal(long hContext,
                                           long tcsKeyHandle,
                                           TcTpmEncauth encAuth,
                                           TcITpmPcrInfo pcrInfo,
                                           TcBlobData inData,
                                           TcTcsAuth inAuth)
                                    throws TcTddlException,
                                           TcTpmException,
                                           TcTcsException
This method allows software to explicitly state the future trusted configuration that the platform must be in for the secret to be revealed. The seal operation also implicitly includes the relevant platform configuration when the seal operation was performed.

Parameters:
hContext -
tcsKeyHandle -
encAuth -
pcrInfo -
inData -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipUnseal

public static java.lang.Object[] TcsipUnseal(long hContext,
                                             long tcsKeyHandle,
                                             TcITpmStoredData inData,
                                             TcTcsAuth keyAuth,
                                             TcTcsAuth dataAuth)
                                      throws TcTddlException,
                                             TcTpmException,
                                             TcTcsException
This method will reveal sealed data only if it was encrypted on this platform and the current configuration (defined by the named PCRs) is the one named as qualified to decrypt it. It decrypts the structure internally, checks the integrity of the resulting data and checks that the PCR named has the value named during TcsipSeal. Additionally, the caller must supply appropriate authorization data for the blob and the key that was used to seal that data.

Parameters:
hContext -
tcsKeyHandle -
inData -
keyAuth -
dataAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipUnBind

public static java.lang.Object[] TcsipUnBind(long hContext,
                                             long tcsKeyHandle,
                                             TcBlobData inData,
                                             TcTcsAuth inAuth)
                                      throws TcTddlException,
                                             TcTpmException,
                                             TcTcsException
This method takes the data blob that is the result of a bind command and decrypts it for export to the user. The caller must authorize the use of the key that will decrypt the incoming blob.

Parameters:
hContext -
tcsKeyHandle -
inData -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSealx

public static java.lang.Object[] TcsipSealx(long hContext,
                                            long tcsKeyHandle,
                                            TcTpmEncauth encAuth,
                                            TcTpmPcrInfoLong pcrInfo,
                                            TcBlobData inData,
                                            TcTcsAuth inAuth)
                                     throws TcTddlException,
                                            TcTpmException,
                                            TcTcsException
This method allows software to explicitly state the future trusted configuration that the platform must be in for the secret to be revealed. It also includes the relevant platform configuration when the SealX command was performed.

Parameters:
hContext -
tcsKeyHandle -
encAuth -
pcrInfo -
inData -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCreateMigrationBlob

public static java.lang.Object[] TcsipCreateMigrationBlob(long hContext,
                                                          long tcsParentKeyHandle,
                                                          int migrationType,
                                                          TcTpmMigrationkeyAuth migrationKeyAuth,
                                                          TcBlobData encData,
                                                          TcTcsAuth parentAuth,
                                                          TcTcsAuth entityAuth)
                                                   throws TcTddlException,
                                                          TcTpmException,
                                                          TcTcsException
This method implements the first step in the process of moving a migratable key to a new parent key or platform. Execution of this command requires knowledge of the migrationAuth field of the key to be migrated.

Parameters:
hContext -
tcsParentKeyHandle -
migrationType -
migrationKeyAuth -
encData -
parentAuth -
entityAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipConvertMigrationBlob

public static java.lang.Object[] TcsipConvertMigrationBlob(long hContext,
                                                           long tcsParentKeyHandle,
                                                           TcBlobData inData,
                                                           TcBlobData random,
                                                           TcTcsAuth parentAuth)
                                                    throws TcTddlException,
                                                           TcTpmException,
                                                           TcTcsException
This method takes a migration blob and creates a normal wrapped blob. The migrated blob must be loaded into the TPM using the normal LoadKey function.

Parameters:
hContext -
tcsParentKeyHandle -
inData -
random -
parentAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipAuthorizeMigrationKey

public static java.lang.Object[] TcsipAuthorizeMigrationKey(long hContext,
                                                            int migrationScheme,
                                                            TcTpmPubkey migrationKey,
                                                            TcTcsAuth ownerAuth)
                                                     throws TcTddlException,
                                                            TcTpmException,
                                                            TcTcsException
This method creates an authorization blob to allow the TPM owner to specify which migration facility they will use and allow users to migrate information without further involvement with the TPM owner.

Parameters:
hContext -
migrationScheme -
migrationKey -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipMigrateKey

public static java.lang.Object[] TcsipMigrateKey(long hContext,
                                                 long tcsMaKeyHandle,
                                                 TcTpmPubkey pubKey,
                                                 TcBlobData inData,
                                                 TcTcsAuth ownerAuth)
                                          throws TcTddlException,
                                                 TcTpmException,
                                                 TcTcsException
This method performs the function of a migration authority. This command is used to permit a TPM enabled system to be a migration authority. To prevent execution of this command using any other key as a parent key, this TPM operation works only if the keyUsage for the macKey is TPM_KEY_MIGRATABLE.

Parameters:
hContext -
tcsMaKeyHandle -
pubKey -
inData -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCmkSetRestrictions

public static java.lang.Object[] TcsipCmkSetRestrictions(long hContext,
                                                         long restriction,
                                                         TcTcsAuth ownerAuth)
                                                  throws TcTddlException,
                                                         TcTpmException,
                                                         TcTcsException
This command is used by the owner to order the usage of a CMK with delegated authorization.

Parameters:
hContext -
restriction -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCmkApproveMA

public static java.lang.Object[] TcsipCmkApproveMA(long hContext,
                                                   TcTpmDigest migrationAuthorityDigest,
                                                   TcTcsAuth ownerAuth)
                                            throws TcTddlException,
                                                   TcTpmException,
                                                   TcTcsException
This command is used to create an authorization ticket, to allow the TPM owner to specify/select one or more migration authorities they approve and allow users to generate CMKs without further involvement of the owner.

Parameters:
hContext -
migrationAuthorityDigest -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCmkCreateKey

public static java.lang.Object[] TcsipCmkCreateKey(long hContext,
                                                   long tcsParentKeyHandle,
                                                   TcTpmEncauth keyDataUsageAuth,
                                                   TcTpmDigest migrationAuthorityApproval,
                                                   TcTpmDigest migrationAuthorityDigest,
                                                   TcTpmKey12 keyInfo,
                                                   TcTcsAuth inAuth)
                                            throws TcTddlException,
                                                   TcTpmException,
                                                   TcTcsException
This command both generates and creates a secure storage bundle for asymmetric keys whose migration is controlled/restricted by a migration authority. Only this command can be used to create this kind of key.

Parameters:
hContext -
tcsParentKeyHandle -
keyDataUsageAuth -
keyInfo -
migrationAuthorityApproval -
migrationAuthorityDigest -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCmkCreateTicket

public static java.lang.Object[] TcsipCmkCreateTicket(long hContext,
                                                      TcTpmPubkey pubVerificationKey,
                                                      TcTpmDigest signedData,
                                                      TcBlobData signatureValue,
                                                      TcTcsAuth ownerAuth)
                                               throws TcTddlException,
                                                      TcTpmException,
                                                      TcTcsException
This owner controlled command uses a public key to verify the signature over a digest.

Parameters:
hContext -
pubVerificationKey -
signedData -
signatureValue -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCmkCreateBlob

public static java.lang.Object[] TcsipCmkCreateBlob(long hContext,
                                                    long tcsParentKeyHandle,
                                                    int migrationType,
                                                    TcTpmMigrationkeyAuth migrationKeyAuth,
                                                    TcTpmDigest pubSourceKeyDigest,
                                                    TcTpmMsaComposite msaList,
                                                    TcBlobData restrictTicket,
                                                    TcBlobData sigTicket,
                                                    TcBlobData encData,
                                                    TcTcsAuth parentAuth)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This command is similar to TcsipCreateMigrationBlob, except that it uses migration authority data whose migration data are independent from tpmProof. It is possible for the parameter restrictTicket to be null.

Parameters:
hContext -
tcsParentKeyHandle -
migrationType -
migrationKeyAuth -
pubSourceKeyDigest -
msaList -
restrictTicket -
sigTicket -
encData -
parentAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCmkConvertMigration

public static java.lang.Object[] TcsipCmkConvertMigration(long hContext,
                                                          long tcsParentKeyHandle,
                                                          TcTpmCmkAuth restrictTicket,
                                                          TcTpmDigest sigTicket,
                                                          TcTpmKey12 migratedKey,
                                                          TcTpmMsaComposite msaList,
                                                          TcBlobData random,
                                                          TcTcsAuth parentAuth)
                                                   throws TcTddlException,
                                                          TcTpmException,
                                                          TcTcsException
This command is used as the final step to finish migrating a key to a new TPM. Note that the related TPM command migrates private keys only. The migration of the associated public keys is not specified by the TPM. The application (i.e. TSP) must generate a TPM_KEYxx structure before the migrated key can be used by the target TPM in a LoadKeyX command.

Parameters:
hContext -
tcsParentKeyHandle -
restrictTicket -
sigTicket -
migratedKey -
msaList -
random -
parentAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCreateMaintenanceArchive

public static java.lang.Object[] TcsipCreateMaintenanceArchive(long hContext,
                                                               boolean generateRandom,
                                                               TcTcsAuth ownerAuth)
                                                        throws TcTddlException,
                                                               TcTpmException,
                                                               TcTcsException
This method creates a TPM maintenance archive.

Parameters:
hContext -
generateRandom -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipLoadMaintenanceArchive

public static java.lang.Object[] TcsipLoadMaintenanceArchive(long hContext,
                                                             TcBlobData inData,
                                                             TcTcsAuth ownerAuth)
                                                      throws TcTddlException,
                                                             TcTpmException,
                                                             TcTcsException
This method loads a TPM maintenance archive that has been massaged by the manufacturer to load into another TPM.

Parameters:
hContext -
inData -
ownerAuth -
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsipKillMaintenanceFeature

public static java.lang.Object[] TcsipKillMaintenanceFeature(long hContext,
                                                             TcTcsAuth ownerAuth)
                                                      throws TcTddlException,
                                                             TcTpmException,
                                                             TcTcsException
This method is a permanent action that prevents ANYONE from creating a TPM maintenance archive until a new TPM owner is set.

Parameters:
hContext -
ownerAuth -
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsipLoadManuMaintPub

public static java.lang.Object[] TcsipLoadManuMaintPub(long hContext,
                                                       TcTpmNonce antiReplay,
                                                       TcTpmPubkey pubKey)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
This method loads the TPM manufacturer's public key for use in the maintenance process.

Parameters:
hContext -
antiReplay -
pubKey -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipReadManuMaintPub

public static java.lang.Object[] TcsipReadManuMaintPub(long hContext,
                                                       TcTpmNonce antiReplay)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
This command is used to check whether the manufacturer's public maintenance key in a TPM has the expected value.

Parameters:
hContext -
antiReplay -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipSign

public static java.lang.Object[] TcsipSign(long hContext,
                                           long tcsKeyHandle,
                                           TcBlobData areaToSign,
                                           TcTcsAuth inAuth)
                                    throws TcTddlException,
                                           TcTpmException,
                                           TcTcsException
This method signs a digest and returns the resulting digital signature. This command uses a properly authorized signature key.

Parameters:
hContext -
tcsKeyHandle -
areaToSign -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipGetRandom

public static java.lang.Object[] TcsipGetRandom(long hContext,
                                                long bytesRequested)
                                         throws TcTddlException,
                                                TcTpmException,
                                                TcTcsException
This method returns the next bytesRequested bytes from the random number generator to the caller.

Parameters:
hContext -
bytesRequested -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipStirRandom

public static java.lang.Object[] TcsipStirRandom(long hContext,
                                                 TcBlobData inData)
                                          throws TcTddlException,
                                                 TcTpmException,
                                                 TcTcsException
This method adds entropy to the RNG state.

Parameters:
hContext -
inData -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCertifyKey

public static java.lang.Object[] TcsipCertifyKey(long hContext,
                                                 long tcsCertHandle,
                                                 long tcsKeyHandle,
                                                 TcTpmNonce antiReplay,
                                                 TcTcsAuth certAuth,
                                                 TcTcsAuth keyAuth)
                                          throws TcTddlException,
                                                 TcTpmException,
                                                 TcTcsException
This method allows a key to certify the public portion of certain storage and signing keys.

Parameters:
hContext -
tcsCertHandle -
tcsKeyHandle -
antiReplay -
certAuth -
keyAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCertifyKey2

public static java.lang.Object[] TcsipCertifyKey2(long hContext,
                                                  long tcsCertHandle,
                                                  long tcsKeyHandle,
                                                  TcTpmDigest migrationPubDigest,
                                                  TcTpmNonce antiReplay,
                                                  TcTcsAuth certAuth,
                                                  TcTcsAuth keyAuth)
                                           throws TcTddlException,
                                                  TcTpmException,
                                                  TcTcsException
This method allows a key to certify the public portion of certifiable migratable storage and signing keys.

Parameters:
hContext -
tcsKeyHandle -
tcsCertHandle -
migrationPubDigest -
antiReplay -
keyAuth -
certAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCreateEndorsementKeyPair

public static java.lang.Object[] TcsipCreateEndorsementKeyPair(long hContext,
                                                               TcTpmNonce antiReplay,
                                                               TcTpmKeyParms keyInfo)
                                                        throws TcTddlException,
                                                               TcTpmException,
                                                               TcTcsException
This method generates the endorsement key pair.

Parameters:
hContext -
antiReplay -
keyInfo -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipCreateRevocableEK

public static java.lang.Object[] TcsipCreateRevocableEK(long hContext,
                                                        TcTpmNonce antiReplay,
                                                        TcTpmKeyParms keyInfo,
                                                        boolean generateReset,
                                                        TcTpmNonce inputEKreset)
                                                 throws TcTddlException,
                                                        TcTpmException,
                                                        TcTcsException
This method generates the revocable endorsement key pair.

Parameters:
hContext -
antiReplay -
keyInfo -
generateReset -
inputEKreset -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipRevokeEndorsementKeyPair

public static java.lang.Object[] TcsipRevokeEndorsementKeyPair(long hContext,
                                                               TcTpmNonce ekReset)
                                                        throws TcTddlException,
                                                               TcTpmException,
                                                               TcTcsException
This method clears the TPM revocable endorsement key pair.

Parameters:
hContext -
ekReset -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipReadPubek

public static java.lang.Object[] TcsipReadPubek(long hContext,
                                                TcTpmNonce antiReplay)
                                         throws TcTddlException,
                                                TcTpmException,
                                                TcTcsException
This method returns the public portion of the endorsement key.

Parameters:
hContext -
antiReplay -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipActivateTpmIdentity

public static java.lang.Object[] TcsipActivateTpmIdentity(long hContext,
                                                          long tcsIdKeyHandle,
                                                          TcBlobData blob,
                                                          TcTcsAuth inKeyAuth,
                                                          TcTcsAuth inOwnerAuth)
                                                   throws TcTddlException,
                                                          TcTpmException,
                                                          TcTcsException
The purpose of this method is twofold: The first purpose is to obtain assurance that the credential in the TPM_SYM_CA_ATTESTATION is for this TPM. The second purpose is to obtain the session key used to encrypt the TPM_IDENTITY_CREDENTIAL. This function checks that the symmetric session key corresponds to a TPM-identity before releasing that session key. Only the owner of the TPM has the privilege of activating a TPM identity. The owner may authorize this function using either the TPM_OIAP or TPM_OSAP authorization protocols.

Parameters:
hContext -
tcsIdKeyHandle -
blob -
inKeyAuth -
inOwnerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipExtend

public static java.lang.Object[] TcsipExtend(long hContext,
                                             long pcrNum,
                                             TcTpmDigest inDigest)
                                      throws TcTddlException,
                                             TcTpmException,
                                             TcTcsException
This command causes the modification of a specific PCR register.

Parameters:
hContext -
pcrNum -
inDigest -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipPcrRead

public static java.lang.Object[] TcsipPcrRead(long hContext,
                                              long pcrNum)
                                       throws TcTddlException,
                                              TcTpmException,
                                              TcTcsException
This method provides a non-cryptographic reporting of the contents of a named PCR.

Parameters:
hContext -
pcrNum -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipQuote

public static java.lang.Object[] TcsipQuote(long hContext,
                                            long tcsKeyHandle,
                                            TcTpmNonce antiReplay,
                                            TcTpmPcrSelection targetPCR,
                                            TcTcsAuth inAuth)
                                     throws TcTddlException,
                                            TcTpmException,
                                            TcTcsException
This command provides cryptographic reporting of PCR values. A loaded key is required for operation. This command uses the key to sign a statement that names the current value of a chosen PCR and externally supplied data (which may be a nonce supplied by a challenger).

Parameters:
hContext -
tcsKeyHandle -
antiReplay -
targetPCR -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException
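
Added example (not part of jTSS or of this Javadoc): how a verifier can check the output of TcsipQuote by replaying a measurement log through the operation performed by TcsipExtend and rebuilding the signed structure. It assumes the TPM 1.2 layouts of TPM_PCR_COMPOSITE and TPM_QUOTE_INFO, a PCR that starts at all zeros, a 3-byte PCR selection and a key using the RSASSA-PKCS1-v1_5 SHA-1 scheme; the class name, the locally generated RSA key standing in for the TPM key, and the log entries are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

public class QuoteVerifierExample {
    static final int PCR_LEN = 20; // TPM 1.2 PCRs hold SHA-1 digests

    static byte[] sha1(byte[]... parts) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    /** Extend as the TPM does it: new PCR = SHA-1(old PCR || inDigest). */
    static byte[] extend(byte[] pcr, byte[] inDigest) throws GeneralSecurityException {
        return sha1(pcr, inDigest);
    }

    /** Recompute a PCR from the digests in a measurement log (assumed start: all zeros). */
    static byte[] replay(byte[][] eventDigests) throws GeneralSecurityException {
        byte[] pcr = new byte[PCR_LEN];
        for (byte[] d : eventDigests) pcr = extend(pcr, d);
        return pcr;
    }

    /** SHA-1 over TPM_PCR_COMPOSITE: selection, UINT32 value size, values in index order. */
    static byte[] compositeHash(int[] pcrIndices, byte[][] pcrValues)
            throws IOException, GeneralSecurityException {
        byte[] select = new byte[3]; // assumed sizeOfSelect: 3 bytes cover PCR 0..23
        for (int i : pcrIndices) select[i / 8] |= (byte) (1 << (i % 8));
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos); // big-endian, like the TPM
        out.writeShort(select.length);
        out.write(select);
        out.writeInt(pcrValues.length * PCR_LEN);
        for (byte[] v : pcrValues) out.write(v);
        return sha1(bos.toByteArray());
    }

    /** TPM_QUOTE_INFO: version 1.1.0.0, "QUOT", composite hash, externalData (nonce). */
    static byte[] quoteInfo(byte[] compositeHash, byte[] nonce) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        bos.write(new byte[] {1, 1, 0, 0});
        bos.write("QUOT".getBytes(StandardCharsets.US_ASCII));
        bos.write(compositeHash);
        bos.write(nonce);
        return bos.toByteArray();
    }

    /** True only if the signature covers exactly the expected PCR values and our nonce. */
    static boolean verifyQuote(PublicKey key, byte[] signature, byte[] nonce,
                               int[] pcrIndices, byte[][] expectedPcrs)
            throws IOException, GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA"); // RSASSA-PKCS1-v1_5 with SHA-1
        s.initVerify(key);
        s.update(quoteInfo(compositeHash(pcrIndices, expectedPcrs), nonce));
        return s.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the TPM-resident signing key named by tcsKeyHandle.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair key = kpg.generateKeyPair();

        // Constructed measurement log for PCR 10 and a fresh challenger nonce (antiReplay).
        byte[][] log = {
            sha1("bootloader-v1".getBytes(StandardCharsets.UTF_8)),
            sha1("kernel-v1".getBytes(StandardCharsets.UTF_8))
        };
        int[] selection = {10};
        byte[] nonce = new byte[20];
        new SecureRandom().nextBytes(nonce);

        // Platform side, simulated: extend the PCR, then sign TPM_QUOTE_INFO.
        byte[] pcr10 = replay(log);
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(key.getPrivate());
        signer.update(quoteInfo(compositeHash(selection, new byte[][] {pcr10}), nonce));
        byte[] sig = signer.sign();

        // Verifier side: trust only PCR values recomputed from the log, never reported ones.
        byte[][] expected = {replay(log)};
        byte[][] otherLog = {log[0], sha1("kernel-v2".getBytes(StandardCharsets.UTF_8))};
        byte[][] tampered = {replay(otherLog)};
        PublicKey pub = key.getPublic();
        System.out.println("own nonce, same log:  " + verifyQuote(pub, sig, nonce, selection, expected));
        System.out.println("another nonce:        " + verifyQuote(pub, sig, new byte[20], selection, expected));
        System.out.println("different log replay: " + verifyQuote(pub, sig, nonce, selection, tampered));
    }
}
```

Only the first check succeeds: a quote is accepted when it binds both the verifier's own nonce and the PCR values the verifier derived independently from the log.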

TcsipPcrReset

public static java.lang.Object[] TcsipPcrReset(long hContext,
                                               TcTpmPcrSelection pcrSelection)
                                        throws TcTddlException,
                                               TcTpmException,
                                               TcTcsException
This method resets a PCR register. Whether or not it succeeds may depend on the locality executing the command. PCRs can be defined in a platform specific specification to allow reset of certain PCRs only for certain localities. The one exception to this is PCR 15, which can always be reset in a 1.2 implementation (This is to allow software testing). This command will reset either ALL of the PCRs selected in pcrSelection or NONE of them. Note: On IFX 1.2 TPMs, PCR 16 instead of 15 seems the one that can always be reset.

Parameters:
hContext -
pcrSelection -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipQuote2

public static java.lang.Object[] TcsipQuote2(long hContext,
                                             long tcsKeyHandle,
                                             TcTpmNonce antiReplay,
                                             TcTpmPcrSelection targetPCR,
                                             boolean addVersion,
                                             TcTcsAuth inAuth)
                                      throws TcTddlException,
                                             TcTpmException,
                                             TcTcsException
This command provides cryptographic reporting of PCR values. A loaded key is required for operation. This method uses the key to sign a statement that names the current value of a chosen PCR and externally supplied data (which may be a nonce supplied by a challenger).

Parameters:
hContext -
tcsKeyHandle -
antiReplay -
targetPCR -
addVersion -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipChangeAuth

public static java.lang.Object[] TcsipChangeAuth(long hContext,
                                                 long tcsParentKeyHandle,
                                                 int protocolID,
                                                 TcTpmEncauth newAuth,
                                                 int entityType,
                                                 TcBlobData encData,
                                                 TcTcsAuth ownerAuth,
                                                 TcTcsAuth entityAuth)
                                          throws TcTddlException,
                                                 TcTpmException,
                                                 TcTcsException
This method allows the owner of an entity to change the authorization data for the entity.

Parameters:
hContext -
tcsParentKeyHandle -
protocolID -
newAuth -
entityType -
encData -
ownerAuth -
entityAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipChangeAuthOwner

public static java.lang.Object[] TcsipChangeAuthOwner(long hContext,
                                                      int protocolID,
                                                      TcTpmEncauth newAuth,
                                                      int entityType,
                                                      TcTcsAuth ownerAuth)
                                               throws TcTddlException,
                                                      TcTpmException,
                                                      TcTcsException
This method allows the owner of an entity to change the authorization data for the TPM owner or the SRK.

Parameters:
hContext -
protocolID -
newAuth -
entityType -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipOIAP

public static java.lang.Object[] TcsipOIAP(long hContext)
                                    throws TcTddlException,
                                           TcTpmException,
                                           TcTcsException
This method allows the creation of an authorization handle and the tracking of the handle by the TPM. The TPM generates the handle and nonce.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipOSAP

public static java.lang.Object[] TcsipOSAP(long hContext,
                                           int entityType,
                                           long entityValue,
                                           TcTpmNonce nonceOddOSAP)
                                    throws TcTddlException,
                                           TcTpmException,
                                           TcTcsException
This method creates the authorization handle, the shared secret and generates nonceEven and nonceEvenOSAP.

Parameters:
hContext -
entityType -
entityValue -
nonceOddOSAP -
Throws:
TcTcsException
TcTddlException
TcTpmException
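
Added example (not jTSS code): a model of the nonce handling behind TcsipOSAP, showing why a captured authorization value is rejected when it is replayed or attached to modified parameters. It follows the TPM 1.2 rules for the OSAP shared secret and the per-command HMAC; in an OIAP session (TcsipOIAP) the same HMAC is keyed with the entity's authorization secret directly. The class and method names, the secret and the parameter bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OsapSessionExample {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] nonce() {
        byte[] n = new byte[20]; // TPM_NONCE is 20 bytes
        RNG.nextBytes(n);
        return n;
    }

    static byte[] hmac(byte[] key, byte[]... parts) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }

    /** Per-command authorization value: HMAC over the parameter digest and both nonces. */
    static byte[] commandAuth(byte[] secret, int ordinal, byte[] params,
                              byte[] nonceEven, byte[] nonceOdd, boolean continueSession)
            throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(ByteBuffer.allocate(4).putInt(ordinal).array()); // big-endian ordinal
        byte[] paramDigest = md.digest(params);
        byte[] cont = {(byte) (continueSession ? 1 : 0)};
        return hmac(secret, paramDigest, nonceEven, nonceOdd, cont);
    }

    /** Minimal model of the TPM end of one OSAP session (hypothetical class). */
    static class TpmSession {
        final byte[] nonceEvenOSAP = nonce();
        private final byte[] sharedSecret;
        private byte[] nonceEven = nonce();

        TpmSession(byte[] entityAuth, byte[] nonceOddOSAP) throws GeneralSecurityException {
            // OSAP: shared secret = HMAC(entity auth secret, nonceEvenOSAP || nonceOddOSAP)
            sharedSecret = hmac(entityAuth, nonceEvenOSAP, nonceOddOSAP);
        }

        byte[] currentNonceEven() {
            return nonceEven.clone();
        }

        boolean authorize(int ordinal, byte[] params, byte[] nonceOdd,
                          boolean continueSession, byte[] auth) throws GeneralSecurityException {
            byte[] expected = commandAuth(sharedSecret, ordinal, params,
                    nonceEven, nonceOdd, continueSession);
            boolean ok = MessageDigest.isEqual(expected, auth); // constant-time compare
            if (ok) nonceEven = nonce(); // rolling nonce: each accepted command gets a new one
            return ok;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed 20-byte authorization secret of the key; it is never sent to the TPM.
        byte[] entityAuth = MessageDigest.getInstance("SHA-1")
                .digest("constructed key password".getBytes(StandardCharsets.UTF_8));

        // Session setup: the caller supplies nonceOddOSAP, the TPM answers with its nonces.
        byte[] nonceOddOSAP = nonce();
        TpmSession tpm = new TpmSession(entityAuth, nonceOddOSAP);
        byte[] shared = hmac(entityAuth, tpm.nonceEvenOSAP, nonceOddOSAP);

        int ordinal = 0x17;                 // TPM_ORD_Seal
        byte[] params = {0x01, 0x02, 0x03}; // constructed stand-in for the input parameters
        byte[] nonceOdd = nonce();
        byte[] auth = commandAuth(shared, ordinal, params, tpm.currentNonceEven(), nonceOdd, true);

        byte[] changed = {0x01, 0x02, 0x04};
        System.out.println("modified parameters: " + tpm.authorize(ordinal, changed, nonceOdd, true, auth));
        System.out.println("first use:           " + tpm.authorize(ordinal, params, nonceOdd, true, auth));
        System.out.println("replayed auth value: " + tpm.authorize(ordinal, params, nonceOdd, true, auth));
    }
}
```

Only the "first use" call is accepted: the authorization value is bound to the exact parameters and to a nonceEven that the TPM replaces after every accepted command.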

TcsipDSAP

public static java.lang.Object[] TcsipDSAP(long hContext,
                                           int entityType,
                                           long tcsKeyHandle,
                                           TcTpmNonce nonceOddDSAP,
                                           TcBlobData entityValue)
                                    throws TcTddlException,
                                           TcTpmException,
                                           TcTcsException
This method opens a delegated authorization session.

Parameters:
hContext -
entityType -
tcsKeyHandle -
nonceOddDSAP -
entityValue -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDelegateManage

public static java.lang.Object[] TcsipDelegateManage(long hContext,
                                                     long familyID,
                                                     long opFlag,
                                                     TcBlobData opData,
                                                     TcTcsAuth ownerAuth)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
This command is authorized either by the TPM owner or by physical presence. If no owner is installed, the command requires no privilege to execute. The command uses the opCode parameter with values:

Parameters:
hContext -
familyID -
opFlag -
opData -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDelegateCreateKeyDelegation

public static java.lang.Object[] TcsipDelegateCreateKeyDelegation(long hContext,
                                                                  long tcsKeyHandle,
                                                                  TcTpmDelegatePublic publicInfo,
                                                                  TcTpmEncauth encDelAuth,
                                                                  TcTcsAuth keyAuth)
                                                           throws TcTddlException,
                                                                  TcTpmException,
                                                                  TcTcsException
This method is used to delegate the privilege to use a key by creating a blob that can be used by TPM_DSAP. These blobs cannot be used as input data for loading owner delegation, because the internal TPM delegate table is used to store owner delegations only.

Parameters:
hContext -
tcsKeyHandle -
publicInfo -
encDelAuth -
keyAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDelegateCreateOwnerDelegation

public static java.lang.Object[] TcsipDelegateCreateOwnerDelegation(long hContext,
                                                                    boolean increment,
                                                                    TcTpmDelegatePublic publicInfo,
                                                                    TcTpmEncauth encDelAuth,
                                                                    TcTcsAuth ownerAuth)
                                                             throws TcTddlException,
                                                                    TcTpmException,
                                                                    TcTcsException
This method is used to delegate owner privileges to use a set of command ordinals by creating a blob. This blob can in turn be used as input data for TPM_DSAP or DelegateLoadOwnerDelegation to provide proof of privilege. DelegateCreateKeyDelegation must be used to delegate privilege to use a key.

Parameters:
hContext -
increment -
publicInfo -
encDelAuth -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDelegateLoadOwnerDelegation

public static java.lang.Object[] TcsipDelegateLoadOwnerDelegation(long hContext,
                                                                  long index,
                                                                  TcTpmDelegateOwnerBlob blob,
                                                                  TcTcsAuth ownerAuth)
                                                           throws TcTddlException,
                                                                  TcTpmException,
                                                                  TcTcsException
This method is used to load an owner delegation blob into the TPM non-volatile delegation table. If an owner is installed, the owner blob must be created with DelegateCreateOwnerDelegation. If an owner is not installed, the owner blob may be created outside the TPM and its TPM_DELEGATE_SENSITIVE component must be left unencrypted.

Parameters:
hContext -
index -
blob -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDelegateReadTable

public static java.lang.Object[] TcsipDelegateReadTable(long hContext)
                                                 throws TcTddlException,
                                                        TcTpmException,
                                                        TcTcsException
This command is used to read from the TPM the public contents of the family and delegate tables that are stored on the TPM. Such data is required during external verification of tables. There are no restrictions on the execution of this command. Anyone can read this information regardless of the state of the PCRs, regardless of whether they know any specific authorization value, and regardless of whether the enable and admin bits are set one way or the other.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDelegateUpdateVerificationCount

public static java.lang.Object[] TcsipDelegateUpdateVerificationCount(long hContext,
                                                                      TcBlobData inputData,
                                                                      TcTcsAuth ownerAuth)
                                                               throws TcTddlException,
                                                                      TcTpmException,
                                                                      TcTcsException
This method sets the verificationCount in an entity (a blob or a delegation row) to the current family value, so that the delegations represented by that entity will continue to be accepted by the TPM.

Parameters:
hContext -
inputData -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDelegateVerifyDelegation

public static java.lang.Object[] TcsipDelegateVerifyDelegation(long hContext,
                                                               TcBlobData delegation)
                                                        throws TcTddlException,
                                                               TcTpmException,
                                                               TcTcsException
This method interprets a delegate blob and returns success or failure, depending on whether the blob is currently valid.

Parameters:
hContext -
delegation -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipNvDefineOrReleaseSpace

public static java.lang.Object[] TcsipNvDefineOrReleaseSpace(long hContext,
                                                             TcTpmNvDataPublic pubInfo,
                                                             TcTpmEncauth encAuth,
                                                             TcTcsAuth inAuth)
                                                      throws TcTddlException,
                                                             TcTpmException,
                                                             TcTcsException
This command sets aside space in the TPM NVRAM and defines the access requirements necessary to read and write that space. If this function is called twice, the first time it will create the space and the second time delete it.

Parameters:
hContext -
pubInfo -
encAuth -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipNvWriteValue

public static java.lang.Object[] TcsipNvWriteValue(long hContext,
                                                   long nvIndex,
                                                   long offset,
                                                   TcBlobData data,
                                                   TcTcsAuth inAuth)
                                            throws TcTddlException,
                                                   TcTpmException,
                                                   TcTcsException
This command writes the value to a defined area. The write can be TPM owner authorized or unauthorized and protected by other attributes and will work when no TPM owner is present.

Parameters:
hContext -
nvIndex -
offset -
data -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipNvWriteValueAuth

public static java.lang.Object[] TcsipNvWriteValueAuth(long hContext,
                                                       long nvIndex,
                                                       long offset,
                                                       TcBlobData data,
                                                       TcTcsAuth inAuth)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
This command writes to a previously defined area. The area must require authorization to write. This command is for use when authorization other than the owner authorization is to be used.

Parameters:
hContext -
nvIndex -
offset -
data -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipNvReadValue

public static java.lang.Object[] TcsipNvReadValue(long hContext,
                                                  long nvIndex,
                                                  long offset,
                                                  long dataSz,
                                                  TcTcsAuth inAuth1)
                                           throws TcTddlException,
                                                  TcTpmException,
                                                  TcTcsException
This method reads a value from the NV store. This command uses optional owner authorization.

Parameters:
hContext -
nvIndex -
offset -
dataSz -
inAuth1 -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipNvReadValueAuth

public static java.lang.Object[] TcsipNvReadValueAuth(long hContext,
                                                      long nvIndex,
                                                      long offset,
                                                      long dataLength,
                                                      TcTcsAuth inAuth)
                                               throws TcTddlException,
                                                      TcTpmException,
                                                      TcTcsException
This method reads a value from the NV store. This command uses optional owner authentication.

Parameters:
hContext -
nvIndex -
offset -
dataLength -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipReadCurrentTicks

public static java.lang.Object[] TcsipReadCurrentTicks(long hContext)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
This method reads the current tick out of the TPM.

Parameters:
hContext -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipTickStampBlob

public static java.lang.Object[] TcsipTickStampBlob(long hContext,
                                                    long keyHandle,
                                                    TcTpmNonce antiReplay,
                                                    TcTpmDigest digestToStamp,
                                                    TcTcsAuth privAuth)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method is similar to a time stamp: it associates a tick value with a blob, indicating that the blob existed at some point earlier than the time corresponding to the tick value.

Parameters:
hContext -
keyHandle -
antiReplay -
digestToStamp -
privAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsEstablishTransport

public static java.lang.Object[] TcsEstablishTransport(long hContext,
                                                       long tcsEncKeyHandle,
                                                       TcTpmTransportPublic transPublic,
                                                       TcBlobData secret,
                                                       TcTcsAuth inAuth1)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
TODO (transport): implement Tcsip method signature

Throws:
TcTddlException
TcTpmException
TcTcsException

TcsExecuteTransport

public static java.lang.Object[] TcsExecuteTransport(long hContext,
                                                     TcBlobData wrappedCmd,
                                                     long transHandle,
                                                     TcTcsAuth inAuth1)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
TODO (transport): implement Tcsip method signature

Throws:
TcTddlException
TcTpmException
TcTcsException

TcsReleaseTransportSigned

public static java.lang.Object[] TcsReleaseTransportSigned(long hContext,
                                                           long tcsKeyHandle,
                                                           TcTpmNonce antiReplay,
                                                           long transHandle,
                                                           TcTcsAuth inAuth1,
                                                           TcTcsAuth inAuth2)
                                                    throws TcTddlException,
                                                           TcTpmException,
                                                           TcTcsException
TODO (transport): implement Tcsip method signature

Throws:
TcTddlException
TcTpmException
TcTcsException

TcsipCreateCounter

public static java.lang.Object[] TcsipCreateCounter(long hContext,
                                                    TcBlobData label,
                                                    TcTpmEncauth encAuth,
                                                    TcTcsAuth ownerAuth)
                                             throws TcTddlException,
                                                    TcTpmException,
                                                    TcTcsException
This method creates a new counter in the TPM. It does NOT select that counter. Counter creation assigns an authorization value to the counter and sets the counter's original start value to be one more than the internal base counter. The label length has to be 4.

Parameters:
hContext -
encAuth -
label -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipIncrementCounter

public static java.lang.Object[] TcsipIncrementCounter(long hContext,
                                                       long countID,
                                                       TcTcsAuth counterAuth)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
This method selects a counter if one has not yet been selected, and increments that counter register. If a counter has already been selected and it is different from the one requested, the increment counter will fail. To change the selected counter, the TPM must go through a startup cycle.

Parameters:
hContext -
countID -
counterAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipReadCounter

public static java.lang.Object[] TcsipReadCounter(long hContext,
                                                  long countID)
                                           throws TcTddlException,
                                                  TcTpmException,
                                                  TcTcsException
This method reads the current value of a counter register.

Parameters:
hContext -
countID -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipReleaseCounter

public static java.lang.Object[] TcsipReleaseCounter(long hContext,
                                                     long countID,
                                                     TcTcsAuth counterAuth)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
This method releases a counter so that no reads or increments of the indicated counter will succeed. It invalidates all information regarding that counter, including the counter handle.

Parameters:
hContext -
countID -
counterAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipReleaseCounterOwner

public static java.lang.Object[] TcsipReleaseCounterOwner(long hContext,
                                                          long countID,
                                                          TcTcsAuth ownerAuth)
                                                   throws TcTddlException,
                                                          TcTpmException,
                                                          TcTcsException
This method releases a counter so that no reads or increments of the indicated counter will succeed. It invalidates all information regarding that counter, including the counter handle. It differs from TcsipReleaseCounter in that it requires TPM owner authorization instead of authorization for the counter.

Parameters:
hContext -
countID -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDaaJoin

public static java.lang.Object[] TcsipDaaJoin(long hContext,
                                              long handle,
                                              short stage,
                                              TcBlobData inputData0,
                                              TcBlobData inputData1,
                                              TcTcsAuth ownerAuth)
                                       throws TcTddlException,
                                              TcTpmException,
                                              TcTcsException
This method executes a TPM DAA join command.

Parameters:
hContext -
handle -
stage -
inputData0 -
inputData1 -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDaaSign

public static java.lang.Object[] TcsipDaaSign(long hContext,
                                              long handle,
                                              short stage,
                                              TcBlobData inputData0,
                                              TcBlobData inputData1,
                                              TcTcsAuth ownerAuth)
                                       throws TcTddlException,
                                              TcTpmException,
                                              TcTcsException
This method executes a TPM DAA sign command.

Parameters:
hContext -
handle -
stage -
inputData0 -
inputData1 -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipTerminateHandle

public static java.lang.Object[] TcsipTerminateHandle(long hContext,
                                                      long handle)
                                               throws TcTddlException,
                                                      TcTpmException,
                                                      TcTcsException
This method allows the TPM driver to clear out information in an authorization handle. The TPM may maintain the authorization session even though a key attached to it has been unloaded or the authorization session itself has been unloaded in some way.

Parameters:
hContext -
handle -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDirWriteAuth

public static java.lang.Object[] TcsipDirWriteAuth(long hContext,
                                                   long dirIndex,
                                                   TcTpmDigest newContents,
                                                   TcTcsAuth inAuth)
                                            throws TcTddlException,
                                                   TcTpmException,
                                                   TcTcsException
This method provides write access to the Data Integrity Registers.

Parameters:
hContext -
dirIndex -
newContents -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDirRead

public static java.lang.Object[] TcsipDirRead(long hContext,
                                              long dirIndex)
                                       throws TcTddlException,
                                              TcTpmException,
                                              TcTcsException
This method provides read access to the Data Integrity Registers.

Parameters:
hContext -
dirIndex -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipChangeAuthAsymStart

public static java.lang.Object[] TcsipChangeAuthAsymStart(long hContext,
                                                          long tcsKeyHandle,
                                                          TcTpmNonce antiReplay,
                                                          TcTpmKeyParms tempKeyInfo,
                                                          TcTcsAuth inAuth)
                                                   throws TcTddlException,
                                                          TcTpmException,
                                                          TcTcsException
This method starts the process of changing authorization for an entity. It sets the OIAP session that must be retained for use by its twin TcsipChangeAuthAsymFinish command.

Parameters:
hContext -
tcsKeyHandle -
antiReplay -
tempKeyInfo -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipChangeAuthAsymFinish

public static java.lang.Object[] TcsipChangeAuthAsymFinish(long hContext,
                                                           long tcsParentKeyHandle,
                                                           long tcsEphHandle,
                                                           int entityType,
                                                           TcTpmDigest newAuthLink,
                                                           TcBlobData encNewAuth,
                                                           TcBlobData encData,
                                                           TcTcsAuth inAuth)
                                                    throws TcTddlException,
                                                           TcTpmException,
                                                           TcTcsException
This method completes the process of changing authorization for an entity.

Parameters:
hContext -
tcsParentKeyHandle -
tcsEphHandle -
entityType -
newAuthLink -
encNewAuth -
encData -
inAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipOwnerReadPubek

public static java.lang.Object[] TcsipOwnerReadPubek(long hContext,
                                                     TcTcsAuth ownerAuth)
                                              throws TcTddlException,
                                                     TcTpmException,
                                                     TcTcsException
This method allows the TPM owner to read the public endorsement key.

Parameters:
hContext -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipDisablePubekRead

public static java.lang.Object[] TcsipDisablePubekRead(long hContext,
                                                       TcTcsAuth ownerAuth)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
This method returns the public portion of the endorsement key.

Parameters:
hContext -
ownerAuth -
Throws:
TcTcsException
TcTddlException
TcTpmException

TcsipIfxReadTpm11EkCert

public static java.lang.Object[] TcsipIfxReadTpm11EkCert(long hContext,
                                                         byte index,
                                                         TcBlobData antiReplay)
                                                  throws TcTddlException,
                                                         TcTpmException,
                                                         TcTcsException
Vendor specific for Infineon 1.1b TPMs. This command reads the EK certificate from an Infineon 1.1b TPM.

Parameters:
hContext -
index -
antiReplay -
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsSHA1Start

public static java.lang.Object[] TcsSHA1Start(long hContext)
                                       throws TcTddlException,
                                              TcTpmException,
                                              TcTcsException
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsSHA1Update

public static java.lang.Object[] TcsSHA1Update(long hContext,
                                               long numBytes,
                                               TcBlobData hashData)
                                        throws TcTddlException,
                                               TcTpmException,
                                               TcTcsException
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsSHA1Complete

public static java.lang.Object[] TcsSHA1Complete(long hContext,
                                                 TcBlobData hashData)
                                          throws TcTddlException,
                                                 TcTpmException,
                                                 TcTcsException
Throws:
TcTddlException
TcTpmException
TcTcsException

TcsSHA1CompleteExtend

public static java.lang.Object[] TcsSHA1CompleteExtend(long hContext,
                                                       long pcrNum,
                                                       TcBlobData hashData)
                                                throws TcTddlException,
                                                       TcTpmException,
                                                       TcTcsException
Throws:
TcTddlException
TcTpmException
TcTcsException