iaik.tc.tss.impl.java.tcs.authmgr
Class TcTcsAuthCacheVista

java.lang.Object
  extended by iaik.tc.tss.impl.java.tcs.authmgr.TcTcsAuthCache
      extended by iaik.tc.tss.impl.java.tcs.authmgr.TcTcsAuthCacheVista

public class TcTcsAuthCacheVista
extends TcTcsAuthCache

This class implements the auth session handling for Windows Vista. Contrary to the TCG TSS design, on Vista the TSS is not the software component that has exclusive access to the TPM: TPM access is managed by the TPM Base Services (TBS). The TBS can block specified TPM commands and also offers resource virtualization. By virtualization, TBS means that TPM key slots and session handles returned by the TPM are not passed directly to applications that use the TBS. For every TPM resource, the TBS creates its own virtualized handle and returns that to the calling application. Internally, the TBS keeps a mapping from TPM resource handles to TBS resource handles. When commands are sent to the TPM, the TBS modifies the command stream so that TBS handles are replaced with the real TPM handles. In this way the TBS makes far more resources available to applications than the TPM can hold loaded at one time. In essence, the TBS takes over duties from the TSS (e.g. caching auth sessions using SaveContext/LoadContext). As a consequence, the TSS cannot really do resource management (since it never gets hold of the actual TPM resource handles) but has to, and can, rely on the TBS to do this job.
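As an added illustration of the handle virtualization just described (this is neither jTSS code nor Microsoft's TBS implementation, whose internal handle encoding is not documented here), the following toy handle table hands out a virtual handle when a TPM_OSAP response carries a new session handle, and translates it back to the real handle when the application later sends a TPM_FlushSpecific request. Tags, ordinals and parameter offsets follow the TPM 1.2 command layout (10-byte header: tag, paramSize, ordinal or return code); the virtual handle range, the class and method names, and the sample byte streams are assumptions constructed for the example.

```java
import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.Map;

/** Toy model of TBS handle virtualization (added example, not jTSS or TBS code). */
public class TbsHandleVirtualizer {
    // TPM 1.2 constants from the TCG main specification.
    static final short TPM_TAG_RQU_COMMAND = (short) 0x00C1;
    static final short TPM_TAG_RSP_COMMAND = (short) 0x00C4;
    static final int TPM_ORD_OSAP = 0x0000000B;
    static final int TPM_ORD_FlushSpecific = 0x000000BA;
    static final int TPM_RT_AUTH = 0x00000002;
    static final int HDR_LEN = 10;  // tag(2) + paramSize(4) + ordinal/returnCode(4)

    private final Map<Integer, Integer> virtToReal = new HashMap<>();
    private final Map<Integer, Integer> realToVirt = new HashMap<>();
    private int nextVirtual = 0x40000001;  // assumed virtual-handle range for this toy

    /** Real handle returned by the TPM -> the virtual handle the application sees. */
    synchronized int virtualize(int realHandle) {
        Integer v = realToVirt.get(realHandle);
        if (v == null) {
            v = nextVirtual++;
            realToVirt.put(realHandle, v);
            virtToReal.put(v, realHandle);
        }
        return v;
    }

    /** Virtual handle presented by the application -> real TPM handle; unknown handles are rejected. */
    synchronized int toReal(int virtualHandle) {
        Integer r = virtToReal.get(virtualHandle);
        if (r == null) {
            throw new IllegalArgumentException("unknown virtual handle 0x" + Integer.toHexString(virtualHandle));
        }
        return r;
    }

    synchronized void forget(int virtualHandle) {
        Integer r = virtToReal.remove(virtualHandle);
        if (r != null) realToVirt.remove(r);
    }

    /** Outgoing request: for TPM_FlushSpecific the handle is the first parameter after the header. */
    byte[] rewriteRequest(byte[] cmd) {
        ByteBuffer buf = ByteBuffer.wrap(cmd.clone());  // big-endian by default, as TPM 1.2 requires
        if (buf.getInt(6) == TPM_ORD_FlushSpecific) {
            int virt = buf.getInt(HDR_LEN);
            buf.putInt(HDR_LEN, toReal(virt));
            if (buf.getInt(HDR_LEN + 4) == TPM_RT_AUTH) forget(virt);  // the TPM session dies with the flush
        }
        return buf.array();
    }

    /** Incoming response: for a successful TPM_OSAP the TPM's authHandle is the first output parameter. */
    byte[] rewriteResponse(int ordinal, byte[] rsp) {
        ByteBuffer buf = ByteBuffer.wrap(rsp.clone());
        if (ordinal == TPM_ORD_OSAP && buf.getInt(6) == 0) {
            buf.putInt(HDR_LEN, virtualize(buf.getInt(HDR_LEN)));
        }
        return buf.array();
    }

    public static void main(String[] args) {
        TbsHandleVirtualizer tbs = new TbsHandleVirtualizer();

        // Constructed TPM_OSAP response: header, authHandle, nonceEven(20), nonceEvenOSAP(20); nonces left zero.
        ByteBuffer rsp = ByteBuffer.allocate(HDR_LEN + 4 + 40);
        rsp.putShort(TPM_TAG_RSP_COMMAND).putInt(rsp.capacity()).putInt(0).putInt(0x01000007);
        byte[] seenByApp = tbs.rewriteResponse(TPM_ORD_OSAP, rsp.array());
        int virt = ByteBuffer.wrap(seenByApp).getInt(HDR_LEN);
        System.out.printf("TPM handle 0x01000007 -> application sees 0x%08x%n", virt);

        // Constructed TPM_FlushSpecific request carrying the virtual handle and resource type TPM_RT_AUTH.
        ByteBuffer req = ByteBuffer.allocate(HDR_LEN + 8);
        req.putShort(TPM_TAG_RQU_COMMAND).putInt(req.capacity()).putInt(TPM_ORD_FlushSpecific)
           .putInt(virt).putInt(TPM_RT_AUTH);
        byte[] sentToTpm = tbs.rewriteRequest(req.array());
        System.out.printf("flush sent to TPM with real handle 0x%08x%n", ByteBuffer.wrap(sentToTpm).getInt(HDR_LEN));
    }
}
```

The point to take from the model is the one the class description makes: the application never learns the real handle, so a TSS sitting above this layer cannot reason about TPM slot occupancy from the handles it sees and must leave Save/LoadContext to the virtualizing layer.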


Constructor Summary
TcTcsAuthCacheVista()
           
 
Method Summary
 void addActiveAuthSession(long authHandle, TcTpmNonce nonceEven)
          This method is called if a new auth session was established.
 java.lang.String cachedAuthSessionsToString()
          This method is intended for debugging.
 void ensureAuthsAreLoadedInTpm(TcTcsAuth[] auths)
          This method is called by TCSI methods that use auth sessions.
 void evictAllAuthSessions()
          This method evicts all auth sessions from the TPM.
 void removeActiveAuthSession(TcTcsAuth auth)
          This method is called if an auth session is no longer active (terminated intentionally or because of an error).
 void swapOutAuth(long[] keepHandles)
          This method swaps out an auth session from the TPM.
 void trackActiveAuthSession(TcTcsAuth inAuth, TcTcsAuth outAuth)
          This method is called if an auth is used to authorize more than one TPM command.
 
Methods inherited from class iaik.tc.tss.impl.java.tcs.authmgr.TcTcsAuthCache
getInstance
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TcTcsAuthCacheVista

public TcTcsAuthCacheVista()
Method Detail

evictAllAuthSessions

public void evictAllAuthSessions()
                          throws TcTddlException,
                                 TcTpmException
Description copied from class: TcTcsAuthCache
This method evicts all auth sessions from the TPM. The TSS is supposed to have full control of the TPM; no entity other than the TSS is responsible for managing sessions. Consequently, the TSS flushes all existing auth sessions before taking control of the saved-context slots. Note: This method is specific to 1.2 TPMs.

Note: This functionality is also implemented in TcTddl. Changes here should be applied in TcTddl too.

Specified by:
evictAllAuthSessions in class TcTcsAuthCache
Throws:
TcTddlException
TcTpmException

swapOutAuth

public void swapOutAuth(long[] keepHandles)
                 throws TcTddlException,
                        TcTpmException,
                        TcTcsException
Description copied from class: TcTcsAuthCache
This method swaps out an auth session from the TPM.

Specified by:
swapOutAuth in class TcTcsAuthCache
Parameters:
keepHandles - Handles of sessions that must not be swapped out; this method chooses a session other than those listed in keepHandles. If it does not matter which session is swapped out, simply pass an empty array.
Throws:
TcTddlException
TcTpmException
TcTcsException

ensureAuthsAreLoadedInTpm

public void ensureAuthsAreLoadedInTpm(TcTcsAuth[] auths)
                               throws TcTddlException,
                                      TcTpmException,
                                      TcTcsException
Description copied from class: TcTcsAuthCache
This method is called by TCSI methods that use auth sessions. Calling it ensures that the required auth sessions are loaded in the TPM. If the auth sessions were swapped out, they are re-loaded into the TPM. Should re-loading be required, the TPM might assign new auth handles to the sessions. In that case, the authHandles of the auths parameter are modified accordingly.

Specified by:
ensureAuthsAreLoadedInTpm in class TcTcsAuthCache
Parameters:
auths - The auth sessions that have to be present in the TPM.
Throws:
TcTddlException
TcTpmException
TcTcsException

addActiveAuthSession

public void addActiveAuthSession(long authHandle,
                                 TcTpmNonce nonceEven)
Description copied from class: TcTcsAuthCache
This method is called if a new auth session was established.

Overrides:
addActiveAuthSession in class TcTcsAuthCache
Parameters:
authHandle - The new auth session.
nonceEven - The even nonce generated by the TPM.

removeActiveAuthSession

public void removeActiveAuthSession(TcTcsAuth auth)
Description copied from class: TcTcsAuthCache
This method is called if an auth session is no longer active (terminated intentionally or because of an error). The auth session is removed from the list of active auth sessions.

Overrides:
removeActiveAuthSession in class TcTcsAuthCache
Parameters:
auth - The auth session to be removed.

trackActiveAuthSession

public void trackActiveAuthSession(TcTcsAuth inAuth,
                                   TcTcsAuth outAuth)
Description copied from class: TcTcsAuthCache
This method is called if an auth session is used to authorize more than one TPM command. In that case the TPM generates a new nonceEven, so the unique identifier we use for auth sessions (which includes nonceEven) changes as well. Therefore, this method updates the identifier of the auth session in the list of active auth sessions.

Overrides:
trackActiveAuthSession in class TcTcsAuthCache
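The following is an added example, not jTSS code, that models the bookkeeping described for addActiveAuthSession, trackActiveAuthSession, removeActiveAuthSession, swapOutAuth and ensureAuthsAreLoadedInTpm in one place: sessions are tracked under an identifier built from the auth handle and the current nonceEven, the identifier is re-keyed when the TPM rolls nonceEven, and a reload after a swap-out rewrites the caller's handle in place. The TPM is replaced by a stub that simulates Save/LoadContext and assigns a fresh handle on reload; the Auth and StubTpm classes, the handle numbering and the nonce values are assumptions and do not correspond to jTSS's TcTcsAuth or TcTpmNonce types.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Toy auth session tracker (added example, not jTSS code). */
public class AuthSessionTracker {

    /** Minimal stand-in for TcTcsAuth: handle plus the nonceEven last returned by the TPM. */
    static final class Auth {
        long authHandle;
        byte[] nonceEven;
        Auth(long authHandle, byte[] nonceEven) { this.authHandle = authHandle; this.nonceEven = nonceEven.clone(); }
    }

    /** Stand-in for the TPM: tracks which auth handles are loaded and simulates Save/LoadContext. */
    static final class StubTpm {
        private final Set<Long> loaded = new HashSet<>();
        private long nextHandle = 0x01000001L;  // assumed handle numbering
        long openSession() { long h = nextHandle++; loaded.add(h); return h; }
        boolean isLoaded(long h) { return loaded.contains(h); }
        byte[] saveContext(long h) {
            if (!loaded.remove(h)) throw new IllegalStateException("handle not loaded: 0x" + Long.toHexString(h));
            return ByteBuffer.allocate(8).putLong(h).array();  // toy blob; a real TPM returns an encrypted context
        }
        long loadContext(byte[] blob) {
            long h = nextHandle++;  // the TPM may assign a new handle on reload
            loaded.add(h);
            return h;
        }
    }

    private final StubTpm tpm = new StubTpm();
    private final Map<String, Auth> active = new HashMap<>();      // identifier -> tracked session
    private final Map<Long, byte[]> swappedOut = new HashMap<>();  // old handle -> saved context

    /** Session identifier: handle plus nonceEven, so it changes whenever the TPM rolls the nonce. */
    private static String id(long handle, byte[] nonceEven) {
        return Long.toHexString(handle) + ":" + Arrays.toString(nonceEven);
    }

    /** addActiveAuthSession: a new session was established (e.g. via OIAP/OSAP). */
    void addActiveAuthSession(long authHandle, byte[] nonceEven) {
        active.put(id(authHandle, nonceEven), new Auth(authHandle, nonceEven));
    }

    /** trackActiveAuthSession: the TPM returned a new nonceEven, so the session is re-keyed. */
    void trackActiveAuthSession(Auth inAuth, Auth outAuth) {
        Auth a = active.remove(id(inAuth.authHandle, inAuth.nonceEven));
        if (a == null) throw new IllegalStateException("untracked session 0x" + Long.toHexString(inAuth.authHandle));
        a.nonceEven = outAuth.nonceEven.clone();
        active.put(id(a.authHandle, a.nonceEven), a);
    }

    /** removeActiveAuthSession: the session terminated, intentionally or because of an error. */
    void removeActiveAuthSession(Auth auth) {
        active.remove(id(auth.authHandle, auth.nonceEven));
        swappedOut.remove(auth.authHandle);
    }

    /** swapOutAuth: save one loaded session that is not listed in keepHandles to free a TPM slot. */
    void swapOutAuth(long[] keepHandles) {
        for (Auth a : active.values()) {
            boolean keep = false;
            for (long k : keepHandles) keep |= (k == a.authHandle);
            if (!keep && tpm.isLoaded(a.authHandle)) {
                swappedOut.put(a.authHandle, tpm.saveContext(a.authHandle));
                return;
            }
        }
    }

    /** ensureAuthsAreLoadedInTpm: reload swapped-out sessions and rewrite the caller's handles in place. */
    void ensureAuthsAreLoadedInTpm(Auth[] auths) {
        for (Auth caller : auths) {
            byte[] blob = swappedOut.remove(caller.authHandle);
            if (blob == null) {
                if (!tpm.isLoaded(caller.authHandle)) throw new IllegalStateException("unknown session");
                continue;
            }
            Auth tracked = active.remove(id(caller.authHandle, caller.nonceEven));
            if (tracked == null) throw new IllegalStateException("stale nonceEven for 0x" + Long.toHexString(caller.authHandle));
            long newHandle = tpm.loadContext(blob);
            tracked.authHandle = newHandle;
            caller.authHandle = newHandle;  // the caller's authHandle is modified, as the method contract states
            active.put(id(newHandle, tracked.nonceEven), tracked);
        }
    }

    public static void main(String[] args) {
        AuthSessionTracker tcs = new AuthSessionTracker();
        byte[] n1 = new byte[20]; n1[0] = 1;  // constructed nonces, not TPM output
        byte[] n2 = new byte[20]; n2[0] = 2;
        long h = tcs.tpm.openSession();
        tcs.addActiveAuthSession(h, n1);
        Auth caller = new Auth(h, n1);
        tcs.trackActiveAuthSession(caller, new Auth(h, n2));  // one authorized command rolled nonceEven
        caller.nonceEven = n2.clone();
        tcs.swapOutAuth(new long[0]);                         // any session may be evicted
        tcs.ensureAuthsAreLoadedInTpm(new Auth[] { caller });
        System.out.printf("session reloaded: old handle 0x%x, new handle 0x%x%n", h, caller.authHandle);
    }
}
```

The failure modes worth noting are the two exceptions: a caller that presents a stale nonceEven (it did not go through trackActiveAuthSession after the last command) cannot be matched to its session, and a reload of a session that is neither loaded nor saved indicates the tracker and the TPM have diverged, which is exactly the situation the Vista variant has to leave to the TBS because the TSS never sees the real handles.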

cachedAuthSessionsToString

public java.lang.String cachedAuthSessionsToString()
                                            throws TcTddlException,
                                                   TcTpmException
Description copied from class: TcTcsAuthCache
This method is intended for debugging. It returns a string of auth handles currently loaded in the TPM.

Specified by:
cachedAuthSessionsToString in class TcTcsAuthCache
Throws:
TcTddlException
TcTpmException