java.lang.Object
  iaik.tc.tss.impl.java.tsp.TcAttributes
    iaik.tc.tss.impl.java.tsp.TcWorkingObject
      iaik.tc.tss.impl.java.tsp.TcAuthObject
        iaik.tc.tss.impl.java.tsp.TcEncData
public class TcEncData
Method Summary | |
---|---|
void | bind(TcIRsaKey encKey, TcBlobData data) - This method encrypts a data blob in a manner that can only be decrypted by TcIEncData.unbind(TcIRsaKey). |
void | changeAuth(TcIAuthObject parentObject, TcIPolicy newPolicy) - This method changes the authorization data (secret) of an entity (object) and assigns the object to the newPolicy object. |
TcBlobData | getAttribBlob(long subFlag) - This method returns a reference to the data blob represented by this object. |
TcBlobData | getAttribPcr(long subFlag) - This method is used to retrieve PcrInfo information about sealed data. |
TcBlobData | getAttribPcrLongBlob(long subFlag) - This method is used to retrieve PcrInfoLong information about sealed data. |
long | getAttribPcrLongUINT32(long subFlag) - This method returns the locality at creation/release of the previously sealed data. |
long | getAttribSeal(long subFlag) - This method returns the current setting of the TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL attribute which defines if the SealX command is used or not. |
void | seal(TcIRsaKey encKey, TcBlobData data, TcIPcrComposite pcrComposite) - This method encrypts a data blob in a manner that can only be decrypted by unseal on the same system. |
void | setAttribBlob(long subFlag, TcBlobData data) - This method sets the blob to be bound or encrypted. |
void | setAttribSeal(long subFlag, long attrib) - This method toggles the usage of the SealX command as specified for the TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL attribute. |
TcBlobData | unbind(TcIRsaKey key) - This method unbinds (decrypts) a previously bound (encrypted) data blob. |
TcBlobData | unseal(TcIRsaKey key) - This method reveals data encrypted by Tspi_Data_Seal only if it was encrypted on the same platform and the current configuration (as defined by the named PCR contents of the encrypted data blob) is the one named as qualified to decrypt it. |
Methods inherited from class iaik.tc.tss.impl.java.tsp.TcAuthObject |
---|
changeAuthAsym, getPolicyObject, getUsagePolicyObject |
Methods inherited from class iaik.tc.tss.impl.java.tsp.TcAttributes |
---|
getAttribData, getAttribUint32, setAttribData, setAttribUint32 |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface iaik.tc.tss.api.tspi.TcIAttributes |
---|
getAttribData, getAttribUint32, setAttribData, setAttribUint32 |
Methods inherited from interface iaik.tc.tss.api.tspi.TcIAuthObject |
---|
changeAuthAsym, getPolicyObject, getUsagePolicyObject |
Method Detail |
---|
public void bind(TcIRsaKey encKey, TcBlobData data) throws TcTssException

Description copied from interface: TcIEncData

This method encrypts a data blob in a manner that can only be decrypted by TcIEncData.unbind(TcIRsaKey). The data blob is encrypted using a public key operation with the key addressed by the given encryption key object. To bind data larger than the RSA public key modulus it is the responsibility of the caller to perform the blocking and subsequent combination of data. The bound blob can be obtained using TcIAttributes.getAttribData(long, long).

Note that the bind operation is performed entirely in software. It is therefore not restricted to a key generated by the resident TPM. It may be used with any appropriate public key. In such a case, however, the TSS might not be able to provide the unbind service.

Note that the maximum data size for bind operations is actually smaller than the public modulus of the RSA key. For the TcTssConstants.TSS_ES_RSAESPKCSV15 encryption scheme with TcTssConstants.TSS_KEY_TYPE_BIND keys the max size is keySize - 11 - (4 + 1). With TcTssConstants.TSS_KEY_TYPE_LEGACY keys the max size is keySize - 11. For the TcTssConstants.TSS_ES_RSAESOAEP_SHA1_MGF1 encryption scheme with TcTssConstants.TSS_KEY_TYPE_BIND or TcTssConstants.TSS_KEY_TYPE_LEGACY keys the max size is keySize - (2 * 20) - 2 - (4 + 1). The (4 + 1) accounts for the size of the TcTpmBoundData structure.

Specified by: bind in interface TcIEncData
Parameters:
encKey - The key used for encryption.
data - The data to encrypt.
Throws: TcTssException
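
The bind size limits and the caller-side blocking described above, as an added example that is not part of jTSS and calls no jTSS API. The names Scheme, KeyType, maxBindPayload, split and join are hypothetical, and keySize is assumed to be the RSA modulus length in bytes.

```java
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example, not jTSS code; every name below is hypothetical.
public class BindBlocking {
    enum Scheme { PKCSV15, OAEP_SHA1_MGF1 } // stand-ins for the TSS_ES_* schemes in the text
    enum KeyType { BIND, LEGACY }           // stand-ins for TSS_KEY_TYPE_BIND / _LEGACY

    static final int BOUND_DATA = 4 + 1;    // TcTpmBoundData overhead, per the text

    // Largest plaintext one bind call accepts. Assumes keySize is the modulus length in bytes.
    static int maxBindPayload(Scheme scheme, KeyType type, int keySize) {
        int max;
        if (scheme == Scheme.PKCSV15) {
            max = keySize - 11 - (type == KeyType.BIND ? BOUND_DATA : 0);
        } else {
            max = keySize - (2 * 20) - 2 - BOUND_DATA; // same for BIND and LEGACY keys
        }
        if (max <= 0) throw new IllegalArgumentException("key too small for " + scheme);
        return max;
    }

    // Caller-side blocking: each element fits one bind call. Order is the caller's to preserve,
    // because unbind treats every block independently.
    static List<byte[]> split(byte[] data, int blockSize) {
        List<byte[]> blocks = new ArrayList<>();
        for (int off = 0; off < data.length; off += blockSize) {
            blocks.add(Arrays.copyOfRange(data, off, Math.min(data.length, off + blockSize)));
        }
        return blocks;
    }

    // Recombination after each block has been unbound, in the original order.
    static byte[] join(List<byte[]> blocks) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] b : blocks) out.write(b, 0, b.length);
        return out.toByteArray();
    }

    public static void main(String[] args) {
        byte[] payload = new byte[1000];     // constructed sample input
        Arrays.fill(payload, (byte) 0x5a);
        int max = maxBindPayload(Scheme.OAEP_SHA1_MGF1, KeyType.BIND, 2048 / 8);
        List<byte[]> blocks = split(payload, max);
        System.out.println(max + " bytes per block, " + blocks.size() + " blocks");
        System.out.println("round trip ok: " + Arrays.equals(payload, join(blocks)));
    }
}
```
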
public void seal(TcIRsaKey encKey, TcBlobData data, TcIPcrComposite pcrComposite) throws TcTssException

Description copied from interface: TcIEncData

TcTssConstants.TSS_PCRS_STRUCT_INFO_LONG init flag when creating the PCR composite object on systems with a 1.2 TPM.

The maximum input size for seal operations is keySize - (40 - 2) - 65 where 65 accounts for the size of the TcTpmSealedData structure. It is left to the caller to properly block its input data according to this maximum size.

Specified by: seal in interface TcIEncData
Parameters:
encKey - The non-migratable key which is used to encrypt the data.
data - The data to be encrypted.
pcrComposite - The PCR values the encrypted data should be sealed to. Set to null to omit sealing to PCR values.
Throws: TcTssException
public TcBlobData unbind(TcIRsaKey key) throws TcTssException

Description copied from interface: TcIEncData

TcIAttributes.setAttribData(long, long, TcBlobData) method. If the key used for binding is not available in the TPM or is of the wrong type, the TPM may not be able to perform the unbind operation.

Note that this method operates on a block-by-block basis and has no notion of any relation between blocks. See also TcIEncData.unbind(TcIRsaKey) for more information on data blocking.

Specified by: unbind in interface TcIEncData
Parameters:
key - The key used for decryption.
Throws: TcTssException
public TcBlobData unseal(TcIRsaKey key) throws TcTssException

Description copied from interface: TcIEncData

Specified by: unseal in interface TcIEncData
Parameters:
key - non-migratable key which is used to decrypt the data
Throws: TcTssException
public void changeAuth(TcIAuthObject parentObject, TcIPolicy newPolicy) throws TcTssException

Description copied from interface: TcIAuthObject

Specified by: changeAuth in interface TcIAuthObject
Parameters:
parentObject - The parent object wrapping this object.
newPolicy - Policy object providing the new authorization data.
Throws: TcTssException
public void setAttribSeal(long subFlag, long attrib) throws TcTspException

This method toggles the usage of the SealX command as specified for the TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL attribute. This method is an alternative to using TcIAttributes.setAttribUint32(long, long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL as flag.

Parameters:
subFlag - Valid subFlags are: TcTssConstants.TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE.
attrib - Valid attributes are:
  TcTssConstants.TSS_TSPATTRIB_ENCDATASEAL_PROTECT (use SealX)
  TcTssConstants.TSS_TSPATTRIB_ENCDATASEAL_NO_PROTECT (do not use SealX)
Throws: TcTspException
public long getAttribSeal(long subFlag) throws TcTspException

This method returns the current setting of the TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL attribute which defines if the SealX command is used or not. This method is an alternative to using TcIAttributes.getAttribUint32(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL as flag.

Parameters:
subFlag - Valid subFlags are: TcTssConstants.TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE.
Returns:
  TcTssConstants.TSS_TSPATTRIB_ENCDATASEAL_PROTECT (uses SealX)
  TcTssConstants.TSS_TSPATTRIB_ENCDATASEAL_NO_PROTECT (does not use SealX)
Throws: TcTspException
public long getAttribPcrLongUINT32(long subFlag) throws TcTspException

TcIAttributes.getAttribUint32(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_PCR_LONG as flag.

Parameters:
subFlag - Valid subFlags are:
Throws: TcTspException
public void setAttribBlob(long subFlag, TcBlobData data) throws TcTspException

TcIAttributes.setAttribData(long, long, TcBlobData) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB as flag.

Parameters:
subFlag - Valid subFlags are TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB.
data - The data to set.
Throws: TcTspException
public TcBlobData getAttribBlob(long subFlag) throws TcTspException

TcIAttributes.getAttribData(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB as flag.

Parameters:
subFlag - Valid subFlags are TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB.
Throws: TcTspException
public TcBlobData getAttribPcrLongBlob(long subFlag) throws TcTspException

TcIAttributes.getAttribData(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_PCR_LONG as flag.

Parameters:
subFlag - Valid subFlags are:
Throws: TcTspException
public TcBlobData getAttribPcr(long subFlag) throws TcTspException

TcIAttributes.getAttribData(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_PCR as flag.

Parameters:
subFlag - Valid subFlags are:
Throws: TcTspException