iaik.tc.tss.impl.java.tsp
Class TcEncData

java.lang.Object
  extended by iaik.tc.tss.impl.java.tsp.TcAttributes
      extended by iaik.tc.tss.impl.java.tsp.TcWorkingObject
          extended by iaik.tc.tss.impl.java.tsp.TcAuthObject
              extended by iaik.tc.tss.impl.java.tsp.TcEncData
All Implemented Interfaces:
TcIAttributes, TcIAuthObject, TcIEncData, TcIWorkingObject

public class TcEncData
extends TcAuthObject
implements TcIEncData


Method Summary
 void bind(TcIRsaKey encKey, TcBlobData data)
          This method encrypts a data blob in a manner that can only be decrypted by TcIEncData.unbind(TcIRsaKey).
 void changeAuth(TcIAuthObject parentObject, TcIPolicy newPolicy)
          This method changes the authorization data (secret) of an entity (object) and assigns the object to the newPolicy object.
 TcBlobData getAttribBlob(long subFlag)
          This method returns a reference to the data blob represented by this object.
 TcBlobData getAttribPcr(long subFlag)
          This method is used to retrieve PcrInfo information about sealed data.
 TcBlobData getAttribPcrLongBlob(long subFlag)
          This method is used to retrieve PcrInfoLong information about sealed data.
 long getAttribPcrLongUINT32(long subFlag)
          This method returns the locality at creation/release of the previously sealed data.
 long getAttribSeal(long subFlag)
          This method returns the current setting of the TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL attribute which defines if the SealX command is used or not.
 void seal(TcIRsaKey encKey, TcBlobData data, TcIPcrComposite pcrComposite)
          This method encrypts a data blob in a manner that can only be decrypted by unseal on the same system.
 void setAttribBlob(long subFlag, TcBlobData data)
          This method allows setting the blob to be bound or encrypted.
 void setAttribSeal(long subFlag, long attrib)
          This method toggles the usage of the SealX command as specified for the TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL attribute.
 TcBlobData unbind(TcIRsaKey key)
          This method unbinds (decrypts) a previously bound (encrypted) data blob.
 TcBlobData unseal(TcIRsaKey key)
          This method reveals data encrypted by Tspi_Data_Seal only if it was encrypted on the same platform and the current configuration (as defined by the named PCR contents of the encrypted data blob) is the one named as qualified to decrypt it.
 
Methods inherited from class iaik.tc.tss.impl.java.tsp.TcAuthObject
changeAuthAsym, getPolicyObject, getUsagePolicyObject
 
Methods inherited from class iaik.tc.tss.impl.java.tsp.TcAttributes
getAttribData, getAttribUint32, setAttribData, setAttribUint32
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface iaik.tc.tss.api.tspi.TcIAttributes
getAttribData, getAttribUint32, setAttribData, setAttribUint32
 
Methods inherited from interface iaik.tc.tss.api.tspi.TcIAuthObject
changeAuthAsym, getPolicyObject, getUsagePolicyObject
 

Method Detail

bind

public void bind(TcIRsaKey encKey,
                 TcBlobData data)
          throws TcTssException
Description copied from interface: TcIEncData
This method encrypts a data blob in a manner that can only be decrypted by TcIEncData.unbind(TcIRsaKey). The data blob is encrypted using a public key operation with the key addressed by the given encryption key object. To bind data larger than the RSA public key modulus it is the responsibility of the caller to perform the blocking and subsequent combination of data. The bound blob can be obtained using TcIAttributes.getAttribData(long, long). Note that the bind operation is performed entirely in software. It therefore is not restricted to a key generated by the resident TPM. It may be used with any appropriate public key. In such a case the TSS might however not be able to provide the unbind service. Note that the maximum data size for bind operations actually is smaller than the public modulus of the RSA key. For the TcTssConstants.TSS_ES_RSAESPKCSV15 encryption scheme with TcTssConstants.TSS_KEY_TYPE_BIND keys the max size is keySize - 11 - (4 + 1). With TcTssConstants.TSS_KEY_TYPE_LEGACY keys the max size is keySize - 11. For the TcTssConstants.TSS_ES_RSAESOAEP_SHA1_MGF1 encryption scheme with TcTssConstants.TSS_KEY_TYPE_BIND or TcTssConstants.TSS_KEY_TYPE_LEGACY keys the max size is keySize - (2 * 20) - 2 - (4 + 1). The (4 + 1) accounts for the size of the TcTpmBoundData structure.

Specified by:
bind in interface TcIEncData
Parameters:
encKey - The key used for encryption.
data - The data to encrypt.
Throws:
TcTssException

seal

public void seal(TcIRsaKey encKey,
                 TcBlobData data,
                 TcIPcrComposite pcrComposite)
          throws TcTssException
Description copied from interface: TcIEncData
This method encrypts a data blob in a manner that can only be decrypted by unseal on the same system. The data blob is encrypted using a public key operation with the non-migratable key addressed by the given encryption key object. Additionally the seal operation allows software to explicitly state the future trusted configuration that the platform must be in for the encrypted data to be revealed and implicitly includes the relevant Platform Configuration Register (PCR) values when the seal operation was performed. Which PCR registers are going to be part of the seal operation is specified by the PCR composite object. Beginning with the 1.2 TPM specification, the PCR object can also contain the locality at release and two sets of PCR values: the PCRs which are recorded at the time the sealing takes place (i.e. digest at creation) and those specifying the valid PCR state for the unseal operation. To create such a PCR composite object use the TcTssConstants.TSS_PCRS_STRUCT_INFO_LONG init flag when creating the PCR composite object on systems with a 1.2 TPM. The maximum input size for seal operations is keySize - (40 - 2) - 65 where 65 accounts for the size of the TcTpmSealedData structure. It is left to the caller to properly block its input data according to this maximum size.

Specified by:
seal in interface TcIEncData
Parameters:
encKey - The non-migratable key which is used to encrypt the data.
data - The data to be encrypted.
pcrComposite - The PCR values the encrypted data should be sealed to. Set to null to omit sealing to PCR values.
Throws:
TcTssException

unbind

public TcBlobData unbind(TcIRsaKey key)
                  throws TcTssException
Description copied from interface: TcIEncData
This method unbinds (decrypts) a previously bound (encrypted) data blob. Before calling the unbind operation, the encrypted blob has to be set using the TcIAttributes.setAttribData(long, long, TcBlobData) method. If the key used for binding is not available in the TPM or is of the wrong type, the TPM may not be able to perform the unbind operation. Note that this method operates on a block-by-block basis and has no notion of any relation between blocks. See also TcIEncData.unbind(TcIRsaKey) for more information on data blocking.

Specified by:
unbind in interface TcIEncData
Parameters:
key - The Key used for decryption.
Returns:
The decrypted data blob.
Throws:
TcTssException
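The bind and unbind descriptions above leave the blocking of data larger than one RSA block to the caller. The following is an added example, not code from the jTSS project or this documentation, that derives the per-block limit from the size formulas quoted for bind, binds a constructed 1000-byte input block by block, and unbinds it again through the TPM. It assumes the jTSS context factory (TcTssContextFactory, newContextObject, connect, closeContext), the object factory calls createEncDataObject and createRsaKeyObject, closeObject, the SRK loading via loadKeyByUuidFromSystem with TcUuidFactory and the well-known all-zero SRK secret, the key calls createKey and loadKey, the TcBlobData helpers newByteArray and asByteArray, the sub-flag constant TSS_TSPATTRIB_ENCDATABLOB_BLOB, and the package paths of the imports; none of those are stated on this page.

```java
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Import paths assumed from the jTSS package layout (only iaik.tc.tss.api.tspi is named on this page).
import iaik.tc.tss.api.constants.tsp.TcTssConstants;
import iaik.tc.tss.api.exceptions.common.TcTssException;
import iaik.tc.tss.api.structs.common.TcBlobData;
import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
import iaik.tc.tss.api.tspi.TcIContext;
import iaik.tc.tss.api.tspi.TcIEncData;
import iaik.tc.tss.api.tspi.TcIRsaKey;
import iaik.tc.tss.impl.java.tsp.TcTssContextFactory;

public class BindBlocking {

    /** Largest plaintext one bind() call accepts, following the limits quoted in the bind() description.
     *  keySizeBytes is the RSA modulus length in bytes (256 for a 2048-bit key). */
    static int maxBindInput(int keySizeBytes, long encScheme, long keyType) {
        if (encScheme == TcTssConstants.TSS_ES_RSAESPKCSV15) {
            return keyType == TcTssConstants.TSS_KEY_TYPE_LEGACY
                    ? keySizeBytes - 11                  // PKCS#1 v1.5 padding only
                    : keySizeBytes - 11 - (4 + 1);       // plus the TcTpmBoundData header
        }
        if (encScheme == TcTssConstants.TSS_ES_RSAESOAEP_SHA1_MGF1) {
            return keySizeBytes - (2 * 20) - 2 - (4 + 1); // OAEP/SHA-1 overhead plus the header
        }
        throw new IllegalArgumentException("unsupported encryption scheme: " + encScheme);
    }

    /** Bind data of any length: one TcIEncData object and one bound blob per block (software operation). */
    static List<TcBlobData> bindBlocked(TcIContext ctx, TcIRsaKey bindKey, byte[] plaintext, int maxInput)
            throws TcTssException {
        List<TcBlobData> blobs = new ArrayList<>();
        for (int off = 0; off < plaintext.length; off += maxInput) {
            byte[] block = Arrays.copyOfRange(plaintext, off, Math.min(off + maxInput, plaintext.length));
            TcIEncData enc = ctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND); // assumed factory call
            enc.bind(bindKey, TcBlobData.newByteArray(block));
            // Export the ciphertext; TSS_TSPATTRIB_ENCDATABLOB_BLOB is the TSS 1.2 sub-flag (assumed in TcTssConstants).
            blobs.add(enc.getAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
                                        TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB));
            ctx.closeObject(enc);
        }
        return blobs;
    }

    /** Unbind block by block and reassemble; the private-key operation happens inside the TPM. */
    static byte[] unbindBlocked(TcIContext ctx, TcIRsaKey bindKey, List<TcBlobData> blobs)
            throws TcTssException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (TcBlobData blob : blobs) {
            TcIEncData enc = ctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND);
            enc.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
                              TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB, blob);
            byte[] clear = enc.unbind(bindKey).asByteArray();
            out.write(clear, 0, clear.length);
            ctx.closeObject(enc);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        TcIContext ctx = new TcTssContextFactory().newContextObject();
        ctx.connect();
        // Key setup (assumed jTSS calls): SRK with the well-known all-zero secret, then a fresh 2048-bit bind key.
        TcIRsaKey srk = ctx.loadKeyByUuidFromSystem(TcUuidFactory.getInstance().getUuidSRK());
        srk.getUsagePolicyObject().setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, TcBlobData.newByteArray(new byte[20]));
        TcIRsaKey bindKey = ctx.createRsaKeyObject(TcTssConstants.TSS_KEY_TYPE_BIND | TcTssConstants.TSS_KEY_SIZE_2048
                | TcTssConstants.TSS_KEY_NO_AUTHORIZATION | TcTssConstants.TSS_KEY_NOT_MIGRATABLE);
        bindKey.createKey(srk, null);
        bindKey.loadKey(srk);

        byte[] plaintext = new byte[1000];               // constructed input, deliberately larger than one block
        Arrays.fill(plaintext, (byte) 0x41);
        int maxInput = maxBindInput(256, TcTssConstants.TSS_ES_RSAESPKCSV15, TcTssConstants.TSS_KEY_TYPE_BIND); // 240
        List<TcBlobData> blobs = bindBlocked(ctx, bindKey, plaintext, maxInput);
        byte[] recovered = unbindBlocked(ctx, bindKey, blobs);
        System.out.println("blocks: " + blobs.size() + ", round trip ok: " + Arrays.equals(plaintext, recovered));
        ctx.closeContext();
    }
}
```

Because unbind has no notion of the relation between blocks, the order of the blob list is the only thing that ties the ciphertexts together; store it with the blobs, and treat an unbind failure on any single block as a failure of the whole message rather than returning the partial plaintext.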

unseal

public TcBlobData unseal(TcIRsaKey key)
                  throws TcTssException
Description copied from interface: TcIEncData
This method reveals data encrypted by Tspi_Data_Seal only if it was encrypted on the same platform and the current configuration (as defined by the named PCR contents of the encrypted data blob) is the one named as qualified to decrypt it. This is internally verified and guaranteed by the TPM.

Specified by:
unseal in interface TcIEncData
Parameters:
key - non-migratable key which is used to decrypt the data
Returns:
decrypted data
Throws:
TcTssException
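The seal and unseal descriptions above explain that the TPM itself enforces the PCR state named in the sealed blob. The following is an added example, not code from the jTSS project or this documentation, that seals a constructed secret to the platform's current values of a few boot-chain PCRs using a 1.2 PCR_INFO_LONG composite (with the release locality set), exports the blob, and unseals it again, mapping a TPM refusal to null so the caller sees "not the trusted configuration" instead of an unchecked exception. It assumes the same context, SRK and blob helpers as the bind example, plus createPcrCompositeObject, getTpmObject, pcrRead, setPcrValue, setPcrLocality and the constant TPM_LOC_ZERO; none of those are stated on this page, and the input size check uses the formula quoted for seal.

```java
import java.util.Arrays;

// Import paths assumed from the jTSS package layout (only iaik.tc.tss.api.tspi is named on this page).
import iaik.tc.tss.api.constants.tsp.TcTssConstants;
import iaik.tc.tss.api.exceptions.common.TcTssException;
import iaik.tc.tss.api.structs.common.TcBlobData;
import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
import iaik.tc.tss.api.tspi.TcIContext;
import iaik.tc.tss.api.tspi.TcIEncData;
import iaik.tc.tss.api.tspi.TcIPcrComposite;
import iaik.tc.tss.api.tspi.TcIRsaKey;
import iaik.tc.tss.api.tspi.TcITpm;
import iaik.tc.tss.impl.java.tsp.TcTssContextFactory;

public class SealToPcrs {

    /** Seal secret to the platform's current values of the given PCRs (1.2 PCR_INFO_LONG structure).
     *  The returned blob can be stored anywhere: only this TPM, in this PCR state, can open it. */
    static TcBlobData sealToCurrentPcrs(TcIContext ctx, TcIRsaKey srk, byte[] secret,
                                        long[] pcrIndexes, int keySizeBytes) throws TcTssException {
        int maxInput = keySizeBytes - (40 - 2) - 65;   // limit quoted in the seal() description
        if (secret.length > maxInput) {
            throw new IllegalArgumentException("secret exceeds " + maxInput + " bytes; block it before sealing");
        }
        TcITpm tpm = ctx.getTpmObject();               // assumed accessor
        TcIPcrComposite pcrs = ctx.createPcrCompositeObject(TcTssConstants.TSS_PCRS_STRUCT_INFO_LONG);
        for (long idx : pcrIndexes) {
            // Read the current PCR value and require the same value at release time (assumed jTSS calls).
            pcrs.setPcrValue(idx, tpm.pcrRead(idx));
        }
        pcrs.setPcrLocality(TcTssConstants.TPM_LOC_ZERO); // 1.2 only: release permitted from locality 0 (constant name assumed)
        TcIEncData enc = ctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_SEAL);
        enc.seal(srk, TcBlobData.newByteArray(secret), pcrs);
        // Export the sealed blob; TSS_TSPATTRIB_ENCDATABLOB_BLOB is the TSS 1.2 sub-flag (assumed in TcTssConstants).
        TcBlobData sealed = enc.getAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
                                              TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB);
        ctx.closeObject(enc);
        ctx.closeObject(pcrs);
        return sealed;
    }

    /** Unseal, or return null when the TPM refuses (PCR state or locality differs, or wrong key). */
    static byte[] unsealOrNull(TcIContext ctx, TcIRsaKey srk, TcBlobData sealed) {
        try {
            TcIEncData enc = ctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_SEAL);
            enc.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
                              TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB, sealed);
            byte[] clear = enc.unseal(srk).asByteArray();
            ctx.closeObject(enc);
            return clear;
        } catch (TcTssException e) {
            // The TPM checked the release PCRs itself; any failure means "not the trusted configuration".
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        TcIContext ctx = new TcTssContextFactory().newContextObject();
        ctx.connect();
        // SRK with the well-known all-zero secret (assumed jTSS calls).
        TcIRsaKey srk = ctx.loadKeyByUuidFromSystem(TcUuidFactory.getInstance().getUuidSRK());
        srk.getUsagePolicyObject().setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, TcBlobData.newByteArray(new byte[20]));

        byte[] secret = "constructed-volume-key-0123456789".getBytes("US-ASCII"); // constructed sample secret
        long[] bootChainPcrs = {0, 2, 4};              // typically firmware, option ROMs, boot loader measurements
        TcBlobData sealed = sealToCurrentPcrs(ctx, srk, secret, bootChainPcrs, 256);

        byte[] recovered = unsealOrNull(ctx, srk, sealed);
        System.out.println("unseal on the sealing configuration: " + Arrays.equals(secret, recovered));
        // After booting different firmware or boot loader code, the same blob yields null here.
        ctx.closeContext();
    }
}
```

Which PCRs to name is the security decision: too few and the secret is released on configurations you did not mean to trust, too many (for example PCRs that change on every firmware update) and the blob becomes unopenable after routine maintenance, so pair sealing with a re-seal step in your update procedure.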

changeAuth

public void changeAuth(TcIAuthObject parentObject,
                       TcIPolicy newPolicy)
                throws TcTssException
Description copied from interface: TcIAuthObject
This method changes the authorization data (secret) of an entity (object) and assigns the object to the newPolicy object. All classes using secrets provide this method for changing their authorization data. To change the TPM owner authorization, this method has to be called on the TPM object. The parent has to be set to null. To change the SRK authorization, this method has to be called on the SRK key object and the parent has to be set to the TPM object.

Specified by:
changeAuth in interface TcIAuthObject
Parameters:
parentObject - The parent object wrapping this object.
newPolicy - Policy object providing the new authorization data.
Throws:
TcTssException

setAttribSeal

public void setAttribSeal(long subFlag,
                          long attrib)
                   throws TcTspException
This method toggles the usage of the SealX command as specified for the TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL attribute. This method is an alternative to using TcIAttributes.setAttribUint32(long, long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL as flag.

Parameters:
subFlag - Valid subFlags are: TcTssConstants.TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE.
attrib - Valid attributes are:
Throws:
TcTspException

getAttribSeal

public long getAttribSeal(long subFlag)
                   throws TcTspException
This method returns the current setting of the TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL attribute which defines if the SealX command is used or not. This method is an alternative to using TcIAttributes.getAttribUint32(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_SEAL as flag.

Parameters:
subFlag - Valid subFlags are: TcTssConstants.TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE.
Returns:
Throws:
TcTspException

getAttribPcrLongUINT32

public long getAttribPcrLongUINT32(long subFlag)
                            throws TcTspException
This method returns the locality at creation/release of the previously sealed data. Note that localities are only supported on 1.2 TPMs and are used only if 1.2 structures are used. This method is an alternative to using TcIAttributes.getAttribUint32(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_PCR_LONG as flag.

Parameters:
subFlag - Valid subFlags are:
Returns:
The requested locality value.
Throws:
TcTspException

setAttribBlob

public void setAttribBlob(long subFlag,
                          TcBlobData data)
                   throws TcTspException
This method allows setting the blob to be bound or encrypted. This method is an alternative to using TcIAttributes.setAttribData(long, long, TcBlobData) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB as flag.

Parameters:
subFlag - Valid subFlags are TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB.
data - The data to set.
Throws:
TcTspException

getAttribBlob

public TcBlobData getAttribBlob(long subFlag)
                         throws TcTspException
This method returns a reference to the data blob represented by this object. This method is an alternative to using TcIAttributes.getAttribData(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB as flag.

Parameters:
subFlag - Valid subFlags are TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB.
Returns:
Reference to the blob associated with the object.
Throws:
TcTspException

getAttribPcrLongBlob

public TcBlobData getAttribPcrLongBlob(long subFlag)
                                throws TcTspException
This method is used to retrieve PcrInfoLong information about sealed data. Note that this method can only be used on 1.2 TPMs and if 1.2 PCR structures are used. This method is an alternative to using TcIAttributes.getAttribData(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_PCR_LONG as flag.

Parameters:
subFlag - Valid subFlags are:
Returns:
The requested information.
Throws:
TcTspException

getAttribPcr

public TcBlobData getAttribPcr(long subFlag)
                        throws TcTspException
This method is used to retrieve PcrInfo information about sealed data. Note that this method can only be used if 1.1 PCR structures are used. This method is an alternative to using TcIAttributes.getAttribData(long, long) with TcTssConstants.TSS_TSPATTRIB_ENCDATA_PCR as flag.

Parameters:
subFlag - Valid subFlags are:
Returns:
The requested information.
Throws:
TcTspException