java.lang.Object
iaik.tc.tss.impl.java.tsp.TcAttributes
iaik.tc.tss.impl.java.tsp.TcWorkingObject
iaik.tc.tss.impl.java.tsp.TcAuthObject
iaik.tc.tss.impl.java.tsp.TcTpm
public class TcTpm
TPM class implemented using singleton pattern.
Method Summary | |
---|---|
TcBlobData |
activateIdentity(TcIRsaKey identityKey,
TcBlobData asymCaContentsBlob,
TcBlobData symCaAttestationBlob)
For general information about this method refer to TcITpm.activateIdentity(TcIRsaKey, TcBlobData, TcBlobData) . |
TcTpmMigrationkeyAuth |
authorizeMigrationTicket(TcIRsaKey migrationKey,
long migrationScheme)
This method provides the migration ticket required for the migration process. |
TcTssValidation |
certifySelfTest(TcIRsaKey key,
TcTssValidation validation)
This method performs a self-test of each internal TPM function and returns an authenticated value (signature) if the test has passed. |
void |
changeAuth(TcIAuthObject parentObject,
TcIPolicy newPolicy)
This method changes the authorization data (secret) of an entity (object) and assigns the object to the newPolicy object. |
TcTssValidation |
checkMaintenancePubKey(TcIRsaKey key,
TcTssValidation validationData)
This method verifies the maintenance public key. |
void |
clearOwner(boolean forcedClear)
This method clears the TPM ownership. |
void |
CMKApproveMA(TcIMigData maAuthData)
This method creates an authorization ticket, to allow the TPM owner to specify which Migration Authorities they approve and allow users to create certified-migration-keys without further involvement with the TPM owner. |
void |
CMKCreateTicket(TcIRsaKey verifyKey,
TcIMigData sigData)
This method uses a public key to verify the signature over a digest. |
void |
CMKSetRestrictions(long cmkDelegate)
This method is used by the owner to globally dictate the usage of a certified migration key with delegated authorization. |
TcBlobData |
collateIdentityRequest(TcIRsaKey srk,
TcIRsaKey caPubKeyRsa,
TcBlobData identityLabel,
TcIRsaKey identityKey,
long algId)
Implementation specific notes: This implementation only supports AES for symmetric encryption. |
TcTssValidation |
createEndorsementKey(TcIRsaKey key,
TcTssValidation validationData)
This method creates the endorsement key. |
java.lang.Object[] |
createRevocableEndorsementKey(TcIRsaKey key,
TcTssValidation validationData,
TcTpmNonce ekResetData)
This method creates the revocable endorsement key. |
TcBlobData |
dirRead(long dirIndex)
This method reads a Data Integrity Register. |
void |
dirWrite(long dirIndex,
TcBlobData dirData)
This method writes a Data Integrity Register. |
TcBlobData |
getAttribCallback(long subFlag)
Not yet supported. |
long |
getAttribCallbackUINT32(long subFlag)
The sole purpose of this method is to notify callers that TSS 1.1 style callback functions are not supported. |
TcBlobData |
getCapability(long capArea,
TcBlobData subCap)
This method provides the capabilities of the TPM. |
boolean |
getCapabilityBoolean(long capArea,
TcBlobData subCap)
This method is an alternative to TcITpm.getCapability(long, TcBlobData) . |
void |
getCapabilitySigned()
The TPM function TPM_GetCapabilitySigned, which actually performs this function, was found to contain a vulnerability that makes its security questionable; its use is therefore not advised. |
long |
getCapabilityUINT32(long capArea,
TcBlobData subCap)
This method is an alternative to TcITpm.getCapability(long, TcBlobData) . |
TcTssVersion |
getCapabilityVersion(long capArea,
TcBlobData subCap)
This method is an alternative to TcITpm.getCapability(long, TcBlobData) . |
java.lang.Object[] |
getCredentials()
This method is a TSP level front end to the TCS getCredentials method. |
TcTssPcrEvent |
getEvent(long pcrIndex,
long eventNumber)
This method provides a PCR event for a given PCR index and event number. |
int |
getEventCount(long pcrIndex)
This method is similar to the getEvents method. |
TcTssPcrEvent[] |
getEventLog()
This method provides the whole event log. |
TcTssPcrEvent[] |
getEvents(long pcrIndex,
long startNumber,
long eventNumber)
This method provides a specific number of PCR events for a given index. |
TcIPolicy |
getOperatorPolicyObject()
This method returns a policy object representing the operator policy currently assigned to the object. |
TcIPolicy |
getPolicyObject(long policyType)
Note: Policy objects are returned by reference. |
java.lang.Object[] |
getPubEndorsementKey(boolean ownerAuthorized,
TcTssValidation validationData)
This method returns the public endorsement key. |
TcIRsaKey |
getPubEndorsementKeyOwner()
This method returns the public endorsement key. |
TcBlobData |
getRandom(long length)
This method returns random data obtained from the TPM via the TSS. |
TcTssVersion |
getRealTpmVersion()
This internal method returns the TPM version as reported by using TcTssConstants.TSS_TPMCAP_VERSION_VAL for 1.2 chips and
TcTssConstants.TSS_TPMCAP_VERSION for 1.1 chips. |
boolean |
getStatus(long statusFlag)
This method returns the TPM status. |
TcBlobData |
getTestResult()
This method provides manufacturer specific information regarding the results of the self test. |
boolean |
isOrdinalSupported(long ordinal)
This method allows developers to check if a given command ordinal is supported by the TPM the context is connected to. |
boolean |
isTrousersCompatible()
|
void |
killMaintenanceFeature()
This method disables the functionality of creating a maintenance archive. |
TcTssValidation |
loadMaintenancePubKey(TcIRsaKey key,
TcTssValidation validationData)
This method loads the public maintenance key into the TPM. |
TcIRsaKey |
OwnerGetSRKPubKey()
This method returns the public part of the SRK. |
TcBlobData |
pcrExtend(long pcrIndex,
TcBlobData data,
TcTssPcrEvent pcrEvent)
This method extends a PCR register and writes the PCR event log. |
TcBlobData |
pcrRead(long pcrIndex)
This method reads a PCR register. |
void |
pcrReset(TcIPcrComposite pcrComposite)
This method resets a PCR register. |
TcTssValidation |
quote(TcIRsaKey identKey,
TcIPcrComposite pcrComposite,
TcTssValidation validation)
This method quotes a TCG system. |
java.lang.Object[] |
quote2(TcIRsaKey identKey,
boolean addVersion,
TcIPcrComposite pcrComposite,
TcTssValidation validation)
This method quotes a TCG system using TPM_Quote2 which provides the requestor a more complete view of the current platform configuration than TPM_Quote. |
TcTpmCounterValue |
readCurrentCounter()
This method reads the current value of the current active counter register. |
TcTpmCurrentTicks |
readCurrentTicks()
This method reads the current tick out of the TPM. |
TcBlobData |
readEkCertIfx11()
This method is VENDOR SPECIFIC for Infineon 1.1 TPMs. |
void |
revokeEndorsementKey(TcTpmNonce ekResetData)
This method clears the TPM revocable endorsement key pair. |
void |
selfTestFull()
This method performs a self-test of each internal TPM function. |
void |
setAttribCallback(long subFlag,
TcBlobData attrib)
Not yet supported. |
void |
setAttribCallbackUINT32(long subFlag,
long attrib)
The sole purpose of this method is to notify callers that TSS 1.1 style callback functions are not supported. |
void |
setAttribCredential(long subFlag,
TcBlobData credential)
This method can be used to set credentials (EK, Platform, ...) that should be used in the collateIdentity method. |
void |
setOperatorAuth(TcIPolicy operatorPolicy)
This function sets the operator authorization value in the TPM. |
void |
setStatus(long statusFlag,
boolean tpmState)
This method modifies the TPM status. |
void |
setTrousersCompatible(boolean trousersCompatible)
|
void |
stirRandom(TcBlobData entropyData)
This method adds entropy to the TPM Random Number Generator. |
void |
takeOwnership(TcIRsaKey srk,
TcIRsaKey pubEk)
This method takes ownership of the TPM. |
Methods inherited from class iaik.tc.tss.impl.java.tsp.TcAuthObject |
---|
changeAuthAsym, getUsagePolicyObject |
Methods inherited from class iaik.tc.tss.impl.java.tsp.TcAttributes |
---|
getAttribData, getAttribUint32, setAttribData, setAttribUint32 |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface iaik.tc.tss.api.tspi.TcIAttributes |
---|
getAttribData, getAttribUint32, setAttribData, setAttribUint32 |
Methods inherited from interface iaik.tc.tss.api.tspi.TcIAuthObject |
---|
changeAuthAsym, getUsagePolicyObject |
Method Detail |
---|
public boolean isTrousersCompatible()
public void setTrousersCompatible(boolean trousersCompatible)
public TcBlobData activateIdentity(TcIRsaKey identityKey, TcBlobData asymCaContentsBlob, TcBlobData symCaAttestationBlob) throws TcTssException
For general information about this method refer to TcITpm.activateIdentity(TcIRsaKey, TcBlobData, TcBlobData).
Implementation note: The following symmetric algorithms are supported:
TcTssConstants.TSS_ALG_AES (same as AES_128)
TcTssConstants.TSS_ALG_AES128
TcTssConstants.TSS_ALG_AES192
TcTssConstants.TSS_ALG_AES256
TcTssConstants.TSS_ALG_3DES
activateIdentity
in interface TcITpm
identityKey
- The identity key object.
asymCaContentsBlob
- The blob containing the encrypted ASYM_CA_CONTENTS data structure
received from the Privacy CA.
symCaAttestationBlob
- The blob containing the encrypted SYM_CA_ATTESTATION data structure
received from the Privacy CA.
TcTssException
public TcTpmMigrationkeyAuth authorizeMigrationTicket(TcIRsaKey migrationKey, long migrationScheme) throws TcTssException
TcITpm
authorizeMigrationTicket
in interface TcITpm
migrationKey
- key object representing the migration key.
migrationScheme
- Flag indicating the migration scheme to be used.
TcTssException
public TcTssValidation certifySelfTest(TcIRsaKey key, TcTssValidation validation) throws TcTssException
TcITpm
TcTssConstants.TSS_SS_RSASSAPKCS1V15_SHA1
, the return value can either be a
BAD_PARAMETER error or success with a vendor specific signature.
certifySelfTest
in interface TcITpm
key
- Signature key.
validation
- ExternalData information required to compute the signature. If no validation
data is provided (i.e. this parameter is set to null), validation is done by the TSP.
TcTssException
public TcTssValidation checkMaintenancePubKey(TcIRsaKey key, TcTssValidation validationData) throws TcTssException
TcITpm
checkMaintenancePubKey
in interface TcITpm
key
- maintenance key object
validationData
- externalData information required to compute the signature.
TcTssException
public void clearOwner(boolean forcedClear) throws TcTssException
TcITpm
clearOwner
in interface TcITpm
forcedClear
- If FALSE, a clear ownership with proof of the TPM owner secret is done. If
TRUE, a forced clear ownership with proof of physical access is done.
TcTssException
public TcBlobData collateIdentityRequest(TcIRsaKey srk, TcIRsaKey caPubKeyRsa, TcBlobData identityLabel, TcIRsaKey identityKey, long algId) throws TcTssException
TcTssConstants.TSS_ALG_AES (same as AES_128)
TcTssConstants.TSS_ALG_AES128
TcTssConstants.TSS_ALG_AES192
TcTssConstants.TSS_ALG_AES256
TcTssConstants.TSS_ALG_3DES
TcTssConstants.TSS_ES_SYM_CBC_PKCS5PAD
).
For general information about this method refer to
TcITpm.collateIdentityRequest(TcIRsaKey, TcIRsaKey, TcBlobData, TcIRsaKey, long)
.
collateIdentityRequest
in interface TcITpm
srk
- object (Storage Root Key).
caPubKeyRsa
- Key object holding the public key of the CA which signs the certificate of the
created identity key.
identityLabel
- The identity label which should be a UNICODE string.
identityKey
- Identity key object. The template for the identity key to be created. The
key parameters must be set up correctly when creating the key object before this
method is called.
algId
- Symmetric algorithm to use as required by the Privacy CA.
TcTssException
public TcTssValidation createEndorsementKey(TcIRsaKey key, TcTssValidation validationData) throws TcTssException, TcTcsException, TcTpmException, TcTddlException
TcITpm
TcIAttributes.setAttribUint32(long, long, long)
and
TcIAttributes.setAttribData(long, long, TcBlobData)
createEndorsementKey
in interface TcITpm
key
- Key object specifying the attributes of the endorsement key to create.
validationData
- Provides externalData information required to compute the checksum. If
the TSP should compute the checksum, set this parameter to null.
TcTssException
TcTcsException
TcTpmException
TcTddlException
public java.lang.Object[] createRevocableEndorsementKey(TcIRsaKey key, TcTssValidation validationData, TcTpmNonce ekResetData) throws TcTssException, TcTcsException, TcTpmException, TcTddlException
TcITpm
TcIAttributes.setAttribUint32(long, long, long)
and
TcIAttributes.setAttribData(long, long, TcBlobData)
createRevocableEndorsementKey
in interface TcITpm
key
- Key object specifying the attributes of the endorsement key to create.
validationData
- Provides externalData information required to compute the checksum. If
the TSP should compute the checksum, set this parameter to null.
ekResetData
- The authorization value to be used with RevokeEndorsementKeyPair. Generated
by the TPM if null.
TcTssValidation
TcTpmNonce
TcTssException
TcTcsException
TcTpmException
TcTddlException
public void revokeEndorsementKey(TcTpmNonce ekResetData) throws TcTssException, TcTcsException, TcTpmException, TcTddlException
TcITpm
revokeEndorsementKey
in interface TcITpm
ekResetData
- The authorization value which was set with
createRevocableEndorsementKey
TcTssException
TcTcsException
TcTpmException
TcTddlException
public TcBlobData dirRead(long dirIndex) throws TcTssException
TcITpm
dirRead
in interface TcITpm
dirIndex
- Index of the DIR to read.
TcTssException
public void dirWrite(long dirIndex, TcBlobData dirData) throws TcTssException
TcITpm
dirWrite
in interface TcITpm
dirIndex
- Index of the DIR to write.
dirData
- data to be written to the DIR.
TcTssException
public TcBlobData getCapability(long capArea, TcBlobData subCap) throws TcTssException
TcITpm
getCapability
in interface TcITpm
capArea
- Flag indicating the attribute to query.
TcTssConstants.TSS_TPMCAP_ORD
TcTssConstants.TSS_TPMCAP_FLAG
TcTssConstants.TSS_TPMCAP_ALG
TcTssConstants.TSS_TPMCAP_PROPERTY
TcTssConstants.TSS_TPMCAP_VERSION
TcTssConstants.TSS_TPMCAP_VERSION_VAL
TcTssConstants.TSS_TPMCAP_NV_LIST
TcTssConstants.TSS_TPMCAP_NV_INDEX
TcTssConstants.TSS_TPMCAP_MFR
TcTssConstants.TSS_TPMCAP_SYM_MODE
TcTssConstants.TSS_TPMCAP_HANDLE
TcTssConstants.TSS_TPMCAP_TRANS_ES
TcTssConstants.TSS_TPMCAP_AUTH_ENCRYPT
subCap
- Data indicating the attribute to query.
TcTssException
public boolean getCapabilityBoolean(long capArea, TcBlobData subCap) throws TcTssException
TcITpm
This method is an alternative to TcITpm.getCapability(long, TcBlobData). The only
difference is that the returned data is interpreted as TSS_BOOL (boolean).
getCapabilityBoolean
in interface TcITpm
TcTssException
public long getCapabilityUINT32(long capArea, TcBlobData subCap) throws TcTssException
TcITpm
This method is an alternative to TcITpm.getCapability(long, TcBlobData). The only
difference is that the returned data is interpreted as UINT32 (long).
getCapabilityUINT32
in interface TcITpm
TcTssException
public TcTssVersion getCapabilityVersion(long capArea, TcBlobData subCap) throws TcTssException
TcITpm
This method is an alternative to TcITpm.getCapability(long, TcBlobData). The only
difference is that the returned data is interpreted as TSS_VERSION.
Note that on 1.2 TPMs, TSS_TPMCAP_VERSION is fixed to always return 1.1.0.0. To obtain the real
TPM version on a 1.2 TPM, TSS_TPMCAP_VERSION_VAL has to be used. TSS_TPMCAP_VERSION_VAL
retrieves not only the version but a full TcTpmCapVersionInfo structure. This method returns the
version field of this structure. To obtain the full TcTpmCapVersionInfo structure, use
TcITpm.getCapability(long, TcBlobData).
getCapabilityVersion
in interface TcITpm
capArea
- Flag indicating the attribute to query.
subCap
- Ignored (set to null).
TcTssException
public TcTssVersion getRealTpmVersion() throws TcTssException
This internal method returns the TPM version as reported by using
TcTssConstants.TSS_TPMCAP_VERSION_VAL for 1.2 chips and
TcTssConstants.TSS_TPMCAP_VERSION for 1.1 chips.
TcTssException
public void getCapabilitySigned() throws TcTssException
TcITpm
getCapabilitySigned
in interface TcITpm
TcTssException
public TcTssPcrEvent getEvent(long pcrIndex, long eventNumber) throws TcTssException
TcITpm
getEvent
in interface TcITpm
pcrIndex
- Index of the PCR to request.
eventNumber
- Index of the event to request.
TcTssException
public int getEventCount(long pcrIndex) throws TcTssException
TcITpm
getEventCount
in interface TcITpm
pcrIndex
- Index of the PCR to request.
TcTssException
public TcTssPcrEvent[] getEventLog() throws TcTssException
TcITpm
getEventLog
in interface TcITpm
TcTssException
public TcTssPcrEvent[] getEvents(long pcrIndex, long startNumber, long eventNumber) throws TcTssException
TcITpm
getEvents
in interface TcITpm
pcrIndex
- Index of the PCR to request.
startNumber
- Index of the first event to request.
eventNumber
- Number of elements to request.
TcTssException
public java.lang.Object[] getPubEndorsementKey(boolean ownerAuthorized, TcTssValidation validationData) throws TcTssException
TcITpm
TcIAttributes.getAttribData(long, long)
.
getPubEndorsementKey
in interface TcITpm
ownerAuthorized
- Flag determining if owner authorization is required. Note that owner
authorization is not required if the ownership of the TPM has not yet been taken.
After TPM ownership has been taken, owner authorization is required to obtain the
public EK.
validationData
- External data that is used by the TPM to compute the checksum. If this
parameter is omitted (i.e. it is set to null), the validation is done by the TSP:
TcIRsaKey
TcTssValidation
TcTssException
public TcIRsaKey getPubEndorsementKeyOwner() throws TcTssException
TcITpm
TcIAttributes.getAttribData(long, long). This method always
tries to read the public EK using owner authorization. It effectively is a shortcut for
TcITpm.getPubEndorsementKey(boolean, TcTssValidation) with (true, null) as parameters.
getPubEndorsementKeyOwner
in interface TcITpm
TcIRsaKey
TcTssException
public TcBlobData getRandom(long length) throws TcTssException
TcITpm
getRandom
in interface TcITpm
length
- The length of the data to be requested. The maximum length of the random data is
4096.
TcTssException
public boolean getStatus(long statusFlag) throws TcTssException
TcITpm
TcTssConstants.TSS_TPMSTATUS_DISABLEOWNERCLEAR
TcTssConstants.TSS_TPMSTATUS_DISABLEFORCECLEAR
TcTssConstants.TSS_TPMSTATUS_DISABLED
TcTssConstants.TSS_TPMSTATUS_PHYSICALSETDEACTIVATED
TcTssConstants.TSS_TPMSTATUS_SETTEMPDEACTIVATED
TcTssConstants.TSS_TPMSTATUS_SETOWNERINSTALL
TcTssConstants.TSS_TPMSTATUS_DISABLEPUBEKREAD
TcTssConstants.TSS_TPMSTATUS_ALLOWMAINTENANCE
TcTssConstants.TSS_TPMSTATUS_PHYSPRES_LIFETIMELOCK
TcTssConstants.TSS_TPMSTATUS_PHYSPRES_HWENABLE
TcTssConstants.TSS_TPMSTATUS_PHYSPRES_CMDENABLE
TcTssConstants.TSS_TPMSTATUS_CEKP_USED
TcTssConstants.TSS_TPMSTATUS_PHYSPRESENCE
TcTssConstants.TSS_TPMSTATUS_PHYSPRES_LOCK
getStatus
in interface TcITpm
statusFlag
- status flag to be read
TcTssException
public TcBlobData getTestResult() throws TcTssException
TcITpm
getTestResult
in interface TcITpm
TcTssException
public void killMaintenanceFeature() throws TcTssException
TcITpm
killMaintenanceFeature
in interface TcITpm
TcTssException
public TcTssValidation loadMaintenancePubKey(TcIRsaKey key, TcTssValidation validationData) throws TcTssException
TcITpm
loadMaintenancePubKey
in interface TcITpm
key
- maintenance key object
validationData
- externalData information required to compute the signature. If
validationData != NULL: The caller has to verify the digest on its own. If
validationData == NULL: The TSS Service Provider internally verifies the digest
obtained from the TPM.
TcTssException
public TcBlobData pcrExtend(long pcrIndex, TcBlobData data, TcTssPcrEvent pcrEvent) throws TcTssException
TcITpm
pcrExtend
in interface TcITpm
pcrIndex
- Index of the PCR to extend.
data
- Data blob for the PCR extend operation.
pcrEvent
- Contains the info for an event entry. If this object is null, no event entry is
created and the method only executes a TPM extend operation.
TcTssException
public TcBlobData pcrRead(long pcrIndex) throws TcTssException
TcITpm
pcrRead
in interface TcITpm
pcrIndex
- Index of the PCR to read.
TcTssException
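How pcrExtend, getEventLog and pcrRead relate when auditing a measurement log, as an added example that is not part of the jTSS documentation or code: a TPM 1.2 extend computes SHA-1(old PCR value || measurement), so replaying the logged digests for one index in order must reproduce the value read from that PCR. The `PcrReplay` class, the `Measurement` record and the sample digests are constructed for illustration; with jTSS the inputs would come from getEventLog() and pcrRead(long).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

/** Added illustration: replays a TPM 1.2 measurement log and compares it with a PCR value. */
public class PcrReplay {

    static final int PCR_SIZE = 20; // a TPM 1.2 PCR holds one SHA-1 digest

    /** Hypothetical stand-in for one event-log entry (requires Java 16+ for records). */
    record Measurement(int pcrIndex, byte[] digest) {}

    /** SHA-1 over the concatenation of all parts. */
    static byte[] sha1(byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) {
            md.update(p);
        }
        return md.digest();
    }

    /** TPM 1.2 extend: newPcr = SHA-1(oldPcr || measurement). */
    static byte[] extend(byte[] pcr, byte[] digest) throws NoSuchAlgorithmException {
        if (pcr.length != PCR_SIZE || digest.length != PCR_SIZE) {
            throw new IllegalArgumentException("PCR and measurement must both be 20 bytes");
        }
        return sha1(pcr, digest);
    }

    /** Recomputes the expected PCR value from the log entries recorded for one index. */
    static byte[] replay(List<Measurement> log, int pcrIndex) throws NoSuchAlgorithmException {
        // Assumption: the PCR started as 20 zero bytes (static PCRs after platform reset).
        byte[] pcr = new byte[PCR_SIZE];
        for (Measurement m : log) {
            if (m.pcrIndex() == pcrIndex) {
                pcr = extend(pcr, m.digest());
            }
        }
        return pcr;
    }

    /** True only if the log, replayed in order, yields exactly the given PCR value. */
    static boolean logMatchesPcr(List<Measurement> log, int pcrIndex, byte[] pcrValue)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(replay(log, pcrIndex), pcrValue);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample measurements; real ones are digests of loaded components.
        List<Measurement> log = new ArrayList<>();
        log.add(new Measurement(10, sha1("bootloader".getBytes(StandardCharsets.UTF_8))));
        log.add(new Measurement(10, sha1("kernel".getBytes(StandardCharsets.UTF_8))));
        log.add(new Measurement(11, sha1("config".getBytes(StandardCharsets.UTF_8))));

        // Stand-in for the value the TPM would hold in PCR 10 after those extends.
        byte[] pcr10 = replay(log, 10);
        System.out.println("intact log matches PCR 10:    " + logMatchesPcr(log, 10, pcr10));

        // An entry replaced after the fact no longer reproduces the PCR value.
        List<Measurement> tampered = new ArrayList<>(log);
        tampered.set(1, new Measurement(10, sha1("other-kernel".getBytes(StandardCharsets.UTF_8))));
        System.out.println("tampered log matches PCR 10:  " + logMatchesPcr(tampered, 10, pcr10));

        // Reordering is detected as well, because extend is order-dependent.
        List<Measurement> reordered = new ArrayList<>();
        reordered.add(log.get(1));
        reordered.add(log.get(0));
        reordered.add(log.get(2));
        System.out.println("reordered log matches PCR 10: " + logMatchesPcr(reordered, 10, pcr10));
    }
}
```

The event log itself is unauthenticated data; for a remote verifier the PCR value to compare against should come from a signed quote rather than from a plain read.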
public void pcrReset(TcIPcrComposite pcrComposite) throws TcTssException
TcITpm
pcrReset
in interface TcITpm
pcrComposite
- Indices of the PCR to read.
TcTssException
public TcTssValidation quote(TcIRsaKey identKey, TcIPcrComposite pcrComposite, TcTssValidation validation) throws TcTssException
TcITpm
TcTssConstants.TSS_PCRS_STRUCT_INFO
is used in the
PcrComposite a TcTssException
with error code
TcTssErrors.TSS_E_INVALID_OBJ_ACCESS
is thrown. The returned signature is computed over
the TcTpmQuoteInfo
structure.
quote
in interface TcITpm
identKey
- Signature key.
pcrComposite
- PCR composite object. Will be used as input only.
validation
- Provides externalData information required to compute the signature. If this
parameter is omitted (set to null), the TSP will generate external data and do the
validation.
TcTssException
public java.lang.Object[] quote2(TcIRsaKey identKey, boolean addVersion, TcIPcrComposite pcrComposite, TcTssValidation validation) throws TcTssException
TcITpm
TcTssConstants.TSS_PCRS_STRUCT_INFO_SHORT
is used in the
PcrComposite a TcTssException
with error code
TcTssErrors.TSS_E_INVALID_OBJ_ACCESS
is thrown. The returned signature is computed over
the TcTpmQuoteInfo
structure.
quote2
in interface TcITpm
identKey
- Signature key.
addVersion
- If true, the TPM version is added to the output; otherwise it is omitted.
pcrComposite
- PCR composite object. Will be used as input only.
validation
- Provides externalData information required to compute the signature. If this
parameter is omitted (set to null), the TSP will generate external data and do the
validation.
TcTssValidation
TcTpmConstants.TPM_CAP_VERSION_VAL
. If
addVersion is false, this element is null (TcTpmCapVersionInfo
.
TcTssException
public void selfTestFull() throws TcTssException
TcITpm
selfTestFull
in interface TcITpm
TcTssException
public void setStatus(long statusFlag, boolean tpmState) throws TcTssException
TcITpm
setStatus
in interface TcITpm
statusFlag
- determines the flag to be set.
TcTssConstants.TSS_TPMSTATUS_DISABLEOWNERCLEAR, tpmState is ignored
TcTssConstants.TSS_TPMSTATUS_DISABLEFORCECLEAR, tpmState is ignored
TcTssConstants.TSS_TPMSTATUS_OWNERSETDISABLE
TcTssConstants.TSS_TPMSTATUS_PHYSICALDISABLE
TcTssConstants.TSS_TPMSTATUS_PHYSICALSETDEACTIVATED
TcTssConstants.TSS_TPMSTATUS_SETTEMPDEACTIVATED, tpmState is ignored
TcTssConstants.TSS_TPMSTATUS_SETOWNERINSTALL
TcTssConstants.TSS_TPMSTATUS_DISABLEPUBEKREAD, tpmState is ignored
tpmState
- the new value of the flag
TcTssException
public void stirRandom(TcBlobData entropyData) throws TcTssException
TcITpm
stirRandom
in interface TcITpm
entropyData
- The entropy data.
TcTssException
public void takeOwnership(TcIRsaKey srk, TcIRsaKey pubEk) throws TcTssException
TcITpm
takeOwnership
in interface TcITpm
srk
- The storage root key object.
pubEk
- The public endorsement key object. The public endorsement key is required for
encryption of the SRK and EK secret sent to the TPM. The pubEk parameter can be set to
null. In this case, the takeOwnership method will query the TPM for the public
endorsement key.
TcTssException
public TcIPolicy getPolicyObject(long policyType) throws TcTssException
TcAuthObject
TcIAuthObject.getPolicyObject(long)
.
getPolicyObject
in interface TcIAuthObject
getPolicyObject
in class TcAuthObject
policyType
- The policy type to be returned (TSS_POLICY_*)
TcTssException
public TcIPolicy getOperatorPolicyObject() throws TcTssException
TcTssException
public java.lang.Object[] getCredentials() throws TcTssException
TcITpm
interface.
Note that if a certificate is not available on the system, null is returned for this
certificate.
TcTssException
public TcBlobData readEkCertIfx11() throws TcTssException
TcTspException
will be
thrown. This obviously is not available in all TSSs and therefore not standardized in the
TcITpm
.
TcTssException
public boolean isOrdinalSupported(long ordinal) throws TcTssException
ordinal
- The TPM command ordinal to be checked.
TcTssException
public void changeAuth(TcIAuthObject parentObject, TcIPolicy newPolicy) throws TcTssException
TcIAuthObject
changeAuth
in interface TcIAuthObject
parentObject
- The parent object wrapping this object.
newPolicy
- Policy object providing the new authorization data.
TcTssException
public void setAttribCallbackUINT32(long subFlag, long attrib) throws TcTssException
TcTssException
public long getAttribCallbackUINT32(long subFlag) throws TcTssException
TcTssException
public void setAttribCallback(long subFlag, TcBlobData attrib) throws TcTssException
TcTssException
public TcBlobData getAttribCallback(long subFlag) throws TcTssException
TcTssException
public void setAttribCredential(long subFlag, TcBlobData credential) throws TcTssException
subFlag
- Sub flag indicating the attribute to set. Valid subFlags are:
TcTssConstants.TSS_TPMATTRIB_EKCERT
TcTssConstants.TSS_TPMATTRIB_TPM_CC
TcTssConstants.TSS_TPMATTRIB_PLATFORM_CC
TcTssConstants.TSS_TPMATTRIB_PLATFORMCERT
credential
- The credential blob to set.
TcTssException
public TcTpmCurrentTicks readCurrentTicks() throws TcTssException
TcITpm
readCurrentTicks
in interface TcITpm
TcTssException
public TcTpmCounterValue readCurrentCounter() throws TcTssException
TcITpm
readCurrentCounter
in interface TcITpm
TcTssException
public TcIRsaKey OwnerGetSRKPubKey() throws TcTssException
TcITpm
OwnerGetSRKPubKey
in interface TcITpm
TcTssException
public void CMKApproveMA(TcIMigData maAuthData) throws TcTssException
TcITpm
CMKApproveMA
in interface TcITpm
maAuthData
- Migration data properties object to transfer the input and output data blob
during the migration process. For this command the object calculates the digest of the
selected MSA (Migration Selection Authority) which are imported into this object.
TcTssException
public void CMKCreateTicket(TcIRsaKey verifyKey, TcIMigData sigData) throws TcTssException
TcITpm
CMKCreateTicket
in interface TcITpm
verifyKey
- The Key object containing the public key used to check the signature value.
sigData
- Migration data properties object to transfer the input and output data blob
during the migration process. For this command the object includes the data proper
to be signed and the signature value to be verified. The caller can access the
ticket/signature data via GetAttribData().
TcTssException
public void CMKSetRestrictions(long cmkDelegate) throws TcTssException
TcITpm
CMKSetRestrictions
in interface TcITpm
cmkDelegate
- Bit mask to determine the restrictions on certified-migration-keys
Valid Flags are:
TcTssException
public void setOperatorAuth(TcIPolicy operatorPolicy) throws TcTssException
TcITpm
setOperatorAuth
in interface TcITpm
operatorPolicy
- the policy object holding the new operator authorization value.
TcTssException