iaik.tc.tss.impl.java.tcs.pbg
Class TcTpmCmdMigration

java.lang.Object
  extended by iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon
      extended by iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdMigration

public class TcTpmCmdMigration
extends TcTpmCmdCommon


Constructor Summary
TcTpmCmdMigration()

Method Summary
static java.lang.Object[] TpmAuthorizeMigrationKey(TcIStreamDest dest, int migrationScheme, TcTpmPubkey migrationKey, TcTcsAuth inAuth1)
static java.lang.Object[] TpmCmkApproveMA(TcIStreamDest dest, TcTpmDigest migrationAuthorityDigest, TcTcsAuth inAuth1)
static java.lang.Object[] TpmCmkConvertMigration(TcIStreamDest dest, long parentHandle, TcTpmCmkAuth restrictTicket, TcTpmDigest sigTicket, TcTpmKey12 migratedKey, TcTpmMsaComposite msaList, TcBlobData random, TcTcsAuth inAuth1)
static java.lang.Object[] TpmCmkCreateBlob(TcIStreamDest dest, long parentHandle, int migrationType, TcTpmMigrationkeyAuth migrationKeyAuth, TcTpmDigest pubSourceKeyDigest, TcTpmMsaComposite msaList, TcBlobData restrictTicket, TcBlobData sigTicket, TcBlobData encData, TcTcsAuth inAuth1)
static java.lang.Object[] TpmCmkCreateKey(TcIStreamDest dest, long parentHandle, TcTpmEncauth dataUsageAuth, TcTpmKey12 keyInfo, TcTpmDigest migrationAuthorityApproval, TcTpmDigest migrationAuthorityDigest, TcTcsAuth inAuth1)
static java.lang.Object[] TpmCmkCreateTicket(TcIStreamDest dest, TcTpmPubkey verificationKey, TcTpmDigest signedData, TcBlobData signatureValue, TcTcsAuth inAuth1)
static java.lang.Object[] TpmCmkSetRestrictions(TcIStreamDest dest, long restriction, TcTcsAuth inAuth1)
static java.lang.Object[] TpmConvertMigrationBlob(TcIStreamDest dest, long parentHandle, TcBlobData inData, TcBlobData random, TcTcsAuth inAuth1)
static java.lang.Object[] TpmCreateMigrationBlob(TcIStreamDest dest, long parentHandle, int migrationType, TcTpmMigrationkeyAuth migrationKeyAuth, TcBlobData encData, TcTcsAuth inAuth1, TcTcsAuth inAuth2)
static java.lang.Object[] TpmMigrateKey(TcIStreamDest dest, long maKeyHandle, TcTpmPubkey pubKey, TcBlobData inData, TcTcsAuth inAuth1)
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TcTpmCmdMigration

public TcTpmCmdMigration()
Method Detail

TpmCreateMigrationBlob

public static java.lang.Object[] TpmCreateMigrationBlob(TcIStreamDest dest,
                                                        long parentHandle,
                                                        int migrationType,
                                                        TcTpmMigrationkeyAuth migrationKeyAuth,
                                                        TcBlobData encData,
                                                        TcTcsAuth inAuth1,
                                                        TcTcsAuth inAuth2)
                                                 throws TcTddlException,
                                                        TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
inAuth2 - Authorization values for second authorization session.
parentHandle - Handle of the parent key that can decrypt encData.
migrationType - The migration type, either MIGRATE or REWRAP
migrationKeyAuth - Migration public key and its authorization session digest.
encData - The encrypted entity that is to be modified.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for 1st session containing new nonceEven (TcTpmAuth)
  • 2 ... outgoing authorization for 2nd session containing new nonceEven (TcTpmAuth)
  • 3 ... String used for xor encryption (TcBlobData)
  • 4 ... The modified, encrypted entity. (TcBlobData)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 82

TpmConvertMigrationBlob

public static java.lang.Object[] TpmConvertMigrationBlob(TcIStreamDest dest,
                                                         long parentHandle,
                                                         TcBlobData inData,
                                                         TcBlobData random,
                                                         TcTcsAuth inAuth1)
                                                  throws TcTddlException,
                                                         TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
parentHandle - Handle of a loaded key that can decrypt keys.
inData - The XOR'd and encrypted key
random - Random value used to hide key data.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... The encrypted private key that can be loaded with TPM_LoadKey (TcBlobData)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 86
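The following is an added example, not code from jTSS, showing how a caller drives the two halves of a migration through this class: unpack the Object[] returned by TpmCreateMigrationBlob on the source TPM, keep the XOR random (index 3) apart from the blob (index 4), and hand both to TpmConvertMigrationBlob on the destination TPM. The mapping of inAuth1/inAuth2 to the parent key's usage authorization and the entity's migration authorization follows the TPM 1.2 ordering and is an assumption here, as are the import paths for the jTSS structure and exception types; obtaining `dest` and the TcTcsAuth sessions is left to the caller.

```java
import iaik.tc.tss.api.exceptions.tcs.*;      // TcTddlException, TcTpmException (path assumed)
import iaik.tc.tss.api.structs.common.*;      // TcBlobData, TcIStreamDest (path assumed)
import iaik.tc.tss.api.structs.tcs.*;         // TcTcsAuth (path assumed)
import iaik.tc.tss.api.structs.tpm.*;         // TcTpmMigrationkeyAuth (path assumed)
import iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdMigration;

/** Hypothetical helper, not part of jTSS: source and destination halves of a key migration. */
public final class MigrationBlobRoundTrip {

    /** Source side: produce {random, blob} for a migratable key under the authorized migration key. */
    public static TcBlobData[] exportKey(TcIStreamDest dest, long parentHandle, int migrationType,
                                         TcTpmMigrationkeyAuth migrationKeyAuth, TcBlobData encData,
                                         TcTcsAuth parentAuth, TcTcsAuth entityMigrationAuth)
            throws TcTddlException, TcTpmException {
        Object[] r = TcTpmCmdMigration.TpmCreateMigrationBlob(dest, parentHandle, migrationType,
                migrationKeyAuth, encData, parentAuth, entityMigrationAuth);
        checkRc(r, "TPM_CreateMigrationBlob");
        // r[1], r[2]: updated TcTpmAuth for both sessions (new nonceEven); a caller that keeps
        // the sessions open must continue them from these values, not from parentAuth/entityMigrationAuth.
        TcBlobData random = (TcBlobData) r[3]; // XOR mask: do not ship it alongside the blob
        TcBlobData blob   = (TcBlobData) r[4]; // the modified, encrypted entity
        return new TcBlobData[] { random, blob };
    }

    /** Destination side: rebuild the wrapped private key so it can be loaded with TPM_LoadKey. */
    public static TcBlobData importKey(TcIStreamDest dest, long parentHandle, TcBlobData blob,
                                       TcBlobData random, TcTcsAuth parentAuth)
            throws TcTddlException, TcTpmException {
        Object[] r = TcTpmCmdMigration.TpmConvertMigrationBlob(dest, parentHandle, blob, random, parentAuth);
        checkRc(r, "TPM_ConvertMigrationBlob");
        return (TcBlobData) r[2]; // encrypted private key, loadable under parentHandle
    }

    /** Element 0 is the TPM return code as a Long; anything non-zero is treated as failure here. */
    private static void checkRc(Object[] r, String cmd) {
        long rc = ((Long) r[0]).longValue();
        if (rc != 0) {
            throw new IllegalStateException(cmd + " failed with TPM return code 0x" + Long.toHexString(rc));
        }
    }
}
```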

TpmAuthorizeMigrationKey

public static java.lang.Object[] TpmAuthorizeMigrationKey(TcIStreamDest dest,
                                                          int migrationScheme,
                                                          TcTpmPubkey migrationKey,
                                                          TcTcsAuth inAuth1)
                                                   throws TcTddlException,
                                                          TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
migrationScheme - Type of migration operation that is to be permitted for this key.
migrationKey - The public key to be authorized.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... Returned public key and authorization session digest. (TcTpmMigrationkeyAuth)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 88

TpmMigrateKey

public static java.lang.Object[] TpmMigrateKey(TcIStreamDest dest,
                                               long maKeyHandle,
                                               TcTpmPubkey pubKey,
                                               TcBlobData inData,
                                               TcTcsAuth inAuth1)
                                        throws TcTddlException,
                                               TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
maKeyHandle - Handle of the key to be used to migrate the key.
pubKey - Public key to which the blob is to be migrated
inData - The input blob
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... The re-encrypted blob (TcBlobData)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 90

TpmCmkSetRestrictions

public static java.lang.Object[] TpmCmkSetRestrictions(TcIStreamDest dest,
                                                       long restriction,
                                                       TcTcsAuth inAuth1)
                                                throws TcTddlException,
                                                       TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
restriction - The bit mask of how to set the restrictions on CMK keys
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 92

TpmCmkApproveMA

public static java.lang.Object[] TpmCmkApproveMA(TcIStreamDest dest,
                                                 TcTpmDigest migrationAuthorityDigest,
                                                 TcTcsAuth inAuth1)
                                          throws TcTddlException,
                                                 TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
migrationAuthorityDigest - A digest of a TcTpmMsaComposite structure (itself one or more digests of public keys belonging to migration authorities)
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... HMAC of migrationAuthorityDigest (TcTpmDigest)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 94

TpmCmkCreateKey

public static java.lang.Object[] TpmCmkCreateKey(TcIStreamDest dest,
                                                 long parentHandle,
                                                 TcTpmEncauth dataUsageAuth,
                                                 TcTpmKey12 keyInfo,
                                                 TcTpmDigest migrationAuthorityApproval,
                                                 TcTpmDigest migrationAuthorityDigest,
                                                 TcTcsAuth inAuth1)
                                          throws TcTddlException,
                                                 TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
parentHandle - Handle of a loaded key that can perform key wrapping.
dataUsageAuth - Encrypted usage AuthData for the sealed data.
keyInfo - Information about the key to be created; the pubkey.keyLength and keyInfo.encData elements are 0. MUST be TcTpmKey12
migrationAuthorityApproval - A ticket, created by the TPM Owner using TPM_CMK_ApproveMA, approving a TcTpmMsaComposite structure
migrationAuthorityDigest - The digest of a TcTpmMsaComposite structure
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... The TcTpmKey structure which includes the public and encrypted private key. MUST be TcTpmKey12 (TcTpmKey12)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 96

TpmCmkCreateTicket

public static java.lang.Object[] TpmCmkCreateTicket(TcIStreamDest dest,
                                                    TcTpmPubkey verificationKey,
                                                    TcTpmDigest signedData,
                                                    TcBlobData signatureValue,
                                                    TcTcsAuth inAuth1)
                                             throws TcTddlException,
                                                    TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
verificationKey - The public key to be used to check signatureValue
signedData - The data to be verified
signatureValue - The signatureValue to be verified
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... Ticket that proves digest created on this TPM (TcTpmDigest)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 99

TpmCmkCreateBlob

public static java.lang.Object[] TpmCmkCreateBlob(TcIStreamDest dest,
                                                  long parentHandle,
                                                  int migrationType,
                                                  TcTpmMigrationkeyAuth migrationKeyAuth,
                                                  TcTpmDigest pubSourceKeyDigest,
                                                  TcTpmMsaComposite msaList,
                                                  TcBlobData restrictTicket,
                                                  TcBlobData sigTicket,
                                                  TcBlobData encData,
                                                  TcTcsAuth inAuth1)
                                           throws TcTddlException,
                                                  TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
parentHandle - Handle of the parent key that can decrypt encData.
migrationType - The migration type, either TPM_MS_RESTRICT_MIGRATE or TPM_MS_RESTRICT_APPROVE_DOUBLE
migrationKeyAuth - Migration public key and its authorization session digest.
pubSourceKeyDigest - The digest of the TcTpmPubkey of the entity to be migrated
msaList - One or more digests of public keys belonging to migration authorities
restrictTicket - Either a NULL parameter or a TcTpmCmkAuth structure, containing the digests of the public keys belonging to the Migration Authority, the destination parent key and the key-to-be-migrated.
sigTicket - Either a NULL parameter or a TcTpmDigest structure, generated by the TPM, signaling a valid signature over restrictTicket
encData - The encrypted entity that is to be modified.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... String used for xor encryption (TcBlobData)
  • 3 ... The modified, encrypted entity. (TcBlobData)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 101

TpmCmkConvertMigration

public static java.lang.Object[] TpmCmkConvertMigration(TcIStreamDest dest,
                                                        long parentHandle,
                                                        TcTpmCmkAuth restrictTicket,
                                                        TcTpmDigest sigTicket,
                                                        TcTpmKey12 migratedKey,
                                                        TcTpmMsaComposite msaList,
                                                        TcBlobData random,
                                                        TcTcsAuth inAuth1)
                                                 throws TcTddlException,
                                                        TcTpmException
Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
parentHandle - Handle of a loaded key that can decrypt keys.
restrictTicket - The digests of public keys belonging to the Migration Authority, the destination parent key and the key-to-be-migrated.
sigTicket - A signature ticket, generated by the TPM, signaling a valid signature over restrictTicket
migratedKey - The public key of the key-to-be-migrated. The private portion MUST be TcTpmMigrateAsymkey properly XOR'd
msaList - One or more digests of public keys belonging to migration authorities
random - Random value used to hide key data.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... The encrypted private key that can be loaded with TPM_LoadKey (TcBlobData)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number: 106