iaik.tc.tss.impl.java.tsp.internal
Class TcTspInternal

java.lang.Object
  iaik.tc.tss.impl.java.tsp.internal.TcTspCommon
      iaik.tc.tss.impl.java.tsp.internal.TcTspInternal

public class TcTspInternal
extends TcTspCommon

Constructor Summary

TcTspInternal()

Method Summary

TcTcsAuth	FieldUpgrade(TcContext context, TcBlobData inData, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command is vendor specific.
static void	TcsipEvictKey(TcContext context, long keyHandle) This method allows to flush a key from the key cache.
static java.lang.Object[]	TspActivateIdentity_Internal(TcContext context, long idKeyHandle, TcBlobData blob, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret idKeyAuth, TcTpmSecret ownerAuth) The purpose of this method is twofold: The first purpose is to obtain assurance that the credential in the TPM_SYM_CA_ATTESTATION is for this TPM.
static java.lang.Object[]	TspAuthorizeMigrationKey_Internal(TcContext context, int migrationScheme, TcTpmPubkey migrationKey, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method creates an authorization blob to allow the TPM owner to specify which migration facility they will use and allow users to migrate information without further involvement with the TPM owner.
static java.lang.Object[]	TspCertifyKey_Internal(TcContext context, long certHandle, long keyHandle, TcTpmNonce antiReplay, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret certAuth, TcTpmSecret keyAuth) This method allows a key to certify the public portion of certain storage and signing keys.
static java.lang.Object[]	TspCertifyKey2_Internal(TcContext context, long certHandle, long keyHandle, TcTpmDigest migrationPubDigest, TcTpmNonce antiReplay, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret keyAuth, TcTpmSecret certAuth) This method allows a key to certify the public portion of certifiable migratable storage and signing keys.
static java.lang.Object[]	TspChangeAuth_Internal(TcContext context, long parentHandle, int protocolID, TcTpmEncauth newAuth, int entityType, TcBlobData encData, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret parentAuth, TcTpmSecret entityAuth, TcTpmSecret entityAuthVal) This method allows the owner of an entity to change the authorization data for the entity.
static java.lang.Object[]	TspChangeAuthAsymFinish_Internal(TcContext context, long parentHandle, long ephHandle, int entityType, TcTpmDigest newAuthLink, TcBlobData encNewAuth, TcBlobData encData, TcTcsAuth inAuth1, TcTpmSecret privAuth) This method completes the process of changing authorization for an entity.
static java.lang.Object[]	TspChangeAuthAsymStart_Internal(TcContext context, long idHandle, TcTpmNonce antiReplay, TcTpmKeyParms tempKey, TcTcsAuth inAuth1, TcTpmSecret idAuth) This method starts the process of changing authorization for an entity.
static TcTcsAuth	TspChangeAuthOwner_Internal(TcContext context, int protocolID, TcTpmEncauth newAuth, int entityType, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method allows the owner of an entity to change the authorization data fro the TPM owner or the SRK.
static java.lang.Object[]	TspCMK_CreateTicket_Internal(TcContext context, TcTpmPubkey verificationKey, TcTpmDigest signedData, TcBlobData signatureValue, TcTcsAuth inAuth1, TcTpmSecret pubAuth) This owner controlled command uses a public key to verify the signature over a digest.
static java.lang.Object[]	TspCmkApproveMA_Internal(TcContext context, TcTpmDigest migrationAuthorityDigest, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command is used to create an authorization ticket, to allow the TPM owner to specify/select one or more migration authorities they approve and allow user to generate CMKs without further involvement of the owner.
static java.lang.Object[]	TspCmkConvertMigration_Internal(TcContext context, long parentHandle, TcTpmCmkAuth restrictTicket, TcTpmDigest sigTicket, TcTpmKey12 migratedKey, TcTpmMsaComposite msaList, TcBlobData random, TcTcsAuth inAuth1, TcTpmSecret parentAuth) This command is used as the final step to finish migrating a key to a new TPM.
static java.lang.Object[]	TspCmkCreateBlob_Internal(TcContext context, long parentHandle, int migrationType, TcTpmMigrationkeyAuth migrationKeyAuth, TcTpmDigest pubSourceKeyDigest, TcTpmMsaComposite msaList, TcBlobData restrictTicket, TcBlobData sigTicket, TcBlobData encData, TcTcsAuth inAuth1, TcTpmSecret parentAuth) This command is similar to TcspiCreateMigrationBlob, except that it uses migration authority data whose migration data are independent from tpmProof.
static java.lang.Object[]	TspCmkCreateKey_Internal(TcContext context, long parentHandle, TcTpmEncauth dataUsageAuth, TcTpmKey12 keyInfo, TcTpmDigest migrationAuthorityApproval, TcTpmDigest migrationAuthorityDigest, TcTcsAuth inAuth1, TcTpmSecret pubAuth) This command both generates and creates a secure storage bundle for asymmetric keys whose migration is controlled/restricted by a migration authority.
static TcTcsAuth	TspCmkSetRestrictions_Internal(TcContext context, long restriction, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command is used by the owner to order the usage of a CMK with delegated authorization.
static void	TspContextClose_Internal(TcContext context)
static void	TspContextConnect_Internal(TcContext context, java.lang.String hostname)
static TcBlobData	TspContextGetCapability_Internal(TcContext context, long capArea, TcBlobData subCap)
static long	TspContextOpen_Internal(TcContext context)
static void	TspContinueSelfTest_Internal(TcContext context) This method informs the TPM that it may complete the self test of all TPM functions.
static java.lang.Object[]	TspConvertMigrationBlob_Internal(TcContext context, long parentHandle, TcBlobData inData, TcBlobData random, TcTcsAuth inAuth1, TcTpmSecret parentAuth) This method takes a migration blob and creates a normal wrapped blob.
static java.lang.Object[]	TspCreateCounter_Internal(TcContext context, TcTpmEncauth encAuth, TcBlobData label, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method creates a new counter in the TPM.
static java.lang.Object[]	TspCreateEndorsementKeyPair_Internal(TcContext context, TcTpmKeyParms keyInfo, TcTpmNonce antiReplay) This method generates the endorsement key pair.
static java.lang.Object[]	TspCreateMaintenanceArchive_Internal(TcContext context, boolean generateRandom, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method creates a TPM maintenance archive.
static java.lang.Object[]	TspCreateMigrationBlob_Internal(TcContext context, long parentHandle, int migrationType, TcTpmMigrationkeyAuth migrationKeyAuth, TcBlobData encData, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret parentAuth, TcTpmSecret entityAuth) This method implements the first step in the process of moving a migratable key to a new parent key or platform.
static java.lang.Object[]	TspCreateRevocableEK_Internal(TcContext context, TcTpmKeyParms keyInfo, TcTpmNonce antiReplay, boolean generateReset, TcTpmNonce inputEKreset) This method generates the revocable endorsement key pair.
static java.lang.Object[]	TspCreateWrapKey_Internal(TcContext context, long parentHandle, TcTpmEncauth dataUsageAuth, TcTpmEncauth dataMigrationAuth, TcITpmKeyNew keyInfo, TcTcsAuth inAuth1, TcTpmSecret pubAuth)
static java.lang.Object[]	TspDaaJoin_Internal(TcContext context, long handle, short stage, TcBlobData inputData0, TcBlobData inputData1, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method executes a TPM DAA join command.
static java.lang.Object[]	TspDaaSign_Internal(TcContext context, long handle, short stage, TcBlobData inputData0, TcBlobData inputData1, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method executes a TPM DAA sign command.
static java.lang.Object[]	TspDelegate_ReadTable_Internal(TcContext context) This command is used to read from the TPM the public contents of the family and delegate tables that are stored on the TPM.
static java.lang.Object[]	TspDelegate_UpdateVerificationCount_Internal(TcContext context, TcBlobData inputData, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method sets the cerificationCount in an entity (a blob or a delegation row) to the current family value, in order that the delegations represented by that entity will continue to be accepted by the TPM.
static java.lang.Object[]	TspDelegateCreateKeyDelegation_Internal(TcContext context, long keyHandle, TcTpmDelegatePublic publicInfo, TcTpmEncauth delAuth, TcTcsAuth inAuth1, TcTpmSecret privAuth) This method is used to delegate the privilege to us a key by creating a blob that can be used TPM_DSAP.
static java.lang.Object[]	TspDelegateCreateOwnerDelegation_Internal(TcContext context, boolean increment, TcTpmDelegatePublic publicInfo, TcTpmEncauth delAuth, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method is used to delegate owner privileges to use a set of command ordinals by creating a blob.
static TcTcsAuth	TspDelegateLoadOwnerDelegation_Internal(TcContext context, long index, TcTpmDelegateOwnerBlob blob, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method is used to load an owner delegation blob into the TPM non-volatile delegation table.
static java.lang.Object[]	TspDelegateManage_Internal(TcContext context, long familyID, long opCode, TcBlobData opData, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command is authorized either by the TPM owner or by physical presence.
static void	TspDelegateVerifyDelegation_Internal(TcContext context, TcBlobData delegation) This method interprets a delegate blob and returns success or failure, depending on whether the blob is currently valid.
static TcTpmDigest	TspDirRead_Internal(TcContext context, long dirIndex) This method provides read access to the Data Integrity Registers.
static TcTcsAuth	TspDirWriteAuth_Internal(TcContext context, long dirIndex, TcTpmDigest newContents, TcTcsAuth inAuth1, TcTpmSecret ownerAuth)
static void	TspDisableForceClear_Internal(TcContext context) This command disables the execution of the ForceClear command until next startup cycle.
static TcTcsAuth	TspDisableOwnerClear_Internal(TcContext context, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command disables the ability to execute the OwnerClear command permanently.
static TcTcsAuth	TspDisablePubekRead_Internal(TcContext context, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method returns the public portion of the endorsement key.
static java.lang.Object[]	TspDSAP_Internal(TcContext context, int entityType, long keyHandle, TcTpmNonce nonceOddDSAP, TcBlobData entityValue) This method opens a delegated authorization session.
static java.lang.Object[]	TspEstablishTransport_Internal(TcContext context, long encHandle, TcTpmTransportPublic transPublic, TcBlobData secret, TcTcsAuth inAuth1, TcTpmSecret keyAuth)
static java.lang.Object[]	TspExecuteTransport_Internal(TcContext context, TcBlobData wrappedCmd, long transHandle, TcTcsAuth inAuth1, TcTpmSecret transAuth)
static TcTpmDigest	TspExtend_Internal(TcContext context, long pcrNum, TcTpmDigest inDigest) This command causes the modification of a specific PCR register.
static void	TspForceClear_Internal(TcContext context) This method performs the clear operation under physical presence.
static java.lang.Object[]	TspGetAuditDigest_Internal(TcContext context, long startOrdinal) This method gets the digest of audited ordinals.
static java.lang.Object[]	TspGetAuditDigestSigned_Internal(TcContext context, long keyHandle, boolean closeAudit, TcTpmNonce antiReplay, TcTcsAuth inAuth1, TcTpmSecret keyAuth) This method gets the signed digest of audited ordinals.
static TcBlobData	TspGetCapability_Internal(TcContext context, long capArea, TcBlobData subCap) This method allows the TPM to report back the requestor what type of TPM it is dealing with.
static java.lang.Object[]	TspGetCapabilityOwner_Internal(TcContext context, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method enables the TPM owner to retrieve information belonging to the TPM owner.
static java.lang.Object[]	TspGetCredentials_Internal(TcContext context)
static TcTssPcrEvent	TspGetPcrEvent(TcContext context, long pcrIndex, long number) This method is used to retrieve events logged with TcTcsi.TcsiLogPcrEvent(long, TcTssPcrEvent).
static long	TspGetPcrEventCount(TcContext context, long pcrIndex) This method returns the number of events logged with TcTcsi.TcsiLogPcrEvent(long, TcTssPcrEvent).
static TcTssPcrEvent[]	TspGetPcrEventLog(TcContext context) This method returns the event log of all events since the TPM was initialized.
static TcTssPcrEvent[]	TspGetPcrEventsByPcr(TcContext context, long pcrIndex, long firstEvent, long eventCount) This metho returns an event log bound to a single PCR.
static java.lang.Object[]	TspGetPubKey_Internal(TcContext context, long keyHandle, TcTcsAuth inAuth1, TcTpmSecret keyAuth)
static TcBlobData	TspGetRandom_Internal(TcContext context, long bytesRequested) This method returns the next bytesRequested bytes from the random number generator to the caller.
static TcBlobData	TspGetTestResult_Internal(TcContext context) This method provides manufacturer specific information regarding the results of the self-test.
static TcBlobData	TspIfxReadTpm11Ek(TcContext context) This method reads the EK certificate embedded in 1.1b Infineon chips.
static java.lang.Object[]	TspIncrementCounter_Internal(TcContext context, long countID, TcTcsAuth inAuth1, TcTpmSecret counterAuth) This method selects a counter if one has not yet been selected, and increments that counter register.
static TcTcsAuth	TspKillMaintenanceFeature_Internal(TcContext context, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method triggers a permanent action that prevents ANYONE from creating a TPM maintenance archive until a new TPM owner is set.
static java.lang.Object[]	TspLoadKey2ByBlob_Internal(TcContext context, long hUnwrappingKey, TcITpmKey wrappedKeyBlob, TcTcsAuth inAuth1, TcTpmSecret parentAuth)
static java.lang.Object[]	TspLoadKeyByBlob_Internal(TcContext context, long hUnwrappingKey, TcTpmKey wrappedKeyBlob, TcTcsAuth inAuth1, TcTpmSecret parentAuth)
static java.lang.Object[]	TspLoadMaintenanceArchive_Internal(TcContext context, TcBlobData inData, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method loads a TPM maintenance archive that has been massaged by the manufacturer to load into another TPM.
static TcTpmDigest	TspLoadManuMaintPub_Internal(TcContext context, TcTpmNonce antiReplay, TcTpmPubkey pubKey) This method loads the TPM manufactuerer's public key for use in the maintenance process.
static long	TspLogPcrEvent(TcContext context, TcTssPcrEvent pcrEvent) This method adds a new event to the end of the array associated with the named PCR.
static java.lang.Object[]	TspMakeIdentity_Internal(TcContext context, TcTpmEncauth identityAuth, TcTpmDigest labelPrivCADigest, TcITpmKeyNew idKeyParams, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret srkAuth, TcTpmSecret ownerAuth)
static java.lang.Object[]	TspMakeIdentity2_Internal(TcContext context, TcTpmEncauth identityAuth, TcTpmDigest labelPrivCADigest, TcITpmKeyNew idKeyParams, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret srkAuth, TcTpmSecret ownerAuth)
static java.lang.Object[]	TspMigrateKey_Internal(TcContext context, long maKeyHandle, TcTpmPubkey pubKey, TcBlobData inData, TcTcsAuth inAuth1, TcTpmSecret keyAuth) This method performs the function of a migration authority.
static TcTcsAuth	TspNvDefineSpace_Internal(TcContext context, TcTpmNvDataPublic pubInfo, TcTpmEncauth encAuth, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command sets aside space in the TPM NVRAM and defines the access requirements necessary to read and write that space.
static java.lang.Object[]	TspNvReadValue_Internal(TcContext context, long nvIndex, long offset, long dataSz, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method reads a value from the NV store.
static java.lang.Object[]	TspNvReadValueAuth_Internal(TcContext context, long nvIndex, long offset, long dataSz, TcTcsAuth inAuth1, TcTpmSecret authHmac) This method reads a value from the NV store.
static TcTcsAuth	TspNvWriteValue_Internal(TcContext context, long nvIndex, long offset, TcBlobData data, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command writes the value to a defined area.
static TcTcsAuth	TspNvWriteValueAuth_Internal(TcContext context, long nvIndex, long offset, TcBlobData data, TcTcsAuth inAuth1, TcTpmSecret authValue) This command writes a previously defined area.
static TcTcsAuth	TspOIAP_Internal(TcContext context) This method allows the creation of an authorization handle and the tracking of the handle by the TPM.
static java.lang.Object[]	TspOSAP_Internal(TcContext context, int entityType, long entityValue, TcTpmNonce nonceOddOSAP) This method creates the authorization handle, the shared secret and generates nonceEven and nonceEvenOSAP.
static TcTcsAuth	TspOwnerClear_Internal(TcContext context, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command clears the TPM under owner authorization.
static java.lang.Object[]	TspOwnerReadInternalPub_Internal(TcContext context, long keyHandle, TcTcsAuth inAuth1, TcTpmSecret ownerAuth)
static java.lang.Object[]	TspOwnerReadPubek_Internal(TcContext context, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method allows the TPM owner to read the public endorsement key.
static TcTcsAuth	TspOwnerSetDisable_Internal(TcContext context, boolean disableState, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method is used to change the status of the TPM_PERSISTENT_DISABLE flag.
static TcTpmDigest	TspPcrRead_Internal(TcContext context, long pcrIndex) This method provides a non-cryptographic reporting of the contents of a named PCR.
static void	TspPcrReset_Internal(TcContext context, TcTpmPcrSelection pcrSelection) This method resets a PCR register.
static void	TspPhysicalDisable_Internal(TcContext context) This method disables the TPM physical presence.
static void	TspPhysicalEnable_Internal(TcContext context) This method enables the TPM physical presence.
static void	TspPhysicalPresence_Internal(TcContext context, int physicalPresence) This method sets the physical presence flags.
static void	TspPhysicalSetDeactivated_Internal(TcContext context, boolean state) This method sets the TPM_PERSITSTENT_FLAGS.deactivated flag to the value in the state parameter.
static java.lang.Object[]	TspQuote_Internal(TcContext context, long keyHandle, TcTpmNonce externalData, TcTpmPcrSelection targetPCR, TcTcsAuth inAuth1, TcTpmSecret privAuth) This command provides cryptographic reporting of PCR values.
static java.lang.Object[]	TspQuote2_Internal(TcContext context, long keyHandle, TcTpmNonce externalData, TcTpmPcrSelection targetPCR, boolean addVersion, TcTcsAuth inAuth1, TcTpmSecret privAuth) This command provides cryptographic reporting of PCR values.
static TcTpmCounterValue	TspReadCounter_Internal(TcContext context, long countID) This method reads the current value of a counter register.
static TcTpmCurrentTicks	TspReadCurrentTicks_Internal(TcContext context) This method reads the current tick out of the TPM.
static TcTpmDigest	TspReadManuMaintPub_Internal(TcContext context, TcTpmNonce antiReplay) This command is used to check whether the manufactuerer's public maintenance key in a TPM has the expected value.
static java.lang.Object[]	TspReadPubek_Internal(TcContext context, TcTpmNonce antiReplay) This method returns the public portion of the endorsement key.
static TcTcsAuth	TspReleaseCounter_Internal(TcContext context, long countID, TcTcsAuth inAuth1, TcTpmSecret counterAuth) This method releases a counter so that no reads or increments of the indicated counter will succeed.
static TcTcsAuth	TspReleaseCounterOwner_Internal(TcContext context, long countID, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method releases a counter so that no reads or increments of the indicated counter will succeed.
static java.lang.Object[]	TspReleaseTransportSigned_Internal(TcContext context, long keyHandle, TcTpmNonce antiReplay, long transHandle, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret keyAuth, TcTpmSecret transAuth)
static TcTcsAuth	TspResetLockValue_Internal(TcContext context, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) Resets the lock that get set in a TPM after multiple false authorization attempts.
static void	TspRevokeEndorsementKeyPair_Internal(TcContext context, TcTpmNonce EKReset) This method clears the TPM revocable endorsement key pair.
static java.lang.Object[]	TspSeal_Internal(TcContext context, long keyHandle, TcTpmEncauth encAuth, TcITpmPcrInfo pcrInfo, TcBlobData inData, TcTcsAuth inAuth1, TcTpmSecret pubAuth) This method allows software to explicitly state the future trusted configuration that the platform must be in for the secret to be revealed.
static java.lang.Object[]	TspSealx_Internal(TcContext context, long keyHandle, TcTpmEncauth encAuth, TcTpmPcrInfoLong pcrInfo, TcBlobData inData, TcTcsAuth inAuth1, TcTpmSecret pubAuth) This method allows software to explicitly state the future trusted configuration that the platform must be in for the secret to be revealed.
static void	TspSelfTestFull_Internal(TcContext context) This method triggers a test of all TPM protected capabilities.
static TcTcsAuth	TspSetCapability_Internal(TcContext context, long capArea, TcBlobData subCap, TcBlobData setValue, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method allows the caller to set values in the TPM.
static void	TspSetOperatorAuth_Internal(TcContext context, TcTpmSecret operatorAuth) Sets the operator authorization value for the platform.
static TcTcsAuth	TspSetOrdinalAuditStatus_Internal(TcContext context, long ordinalToAudit, boolean auditState, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This command sets the audit flag for a given ordinal.
static void	TspSetOwnerInstall_Internal(TcContext context, boolean state) This method determines if the TPM has a current owner.
static TcTcsAuth	TspSetRedirection_Internal(TcContext context, long keyHandle, long redirCmd, TcBlobData inputData, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) Redirected keys enable the output of a TPM to be directed to non-TCG security functions in the platform, without exposing that output to non-security functions.
static void	TspSetTempDeactivated_Internal(TcContext context) This method sets the TPM_VOLATILE_FLAGS.deactivated to the value TRUE which temporarily deactivates the TPM.
static TcTcsAuth	TspSetTempDeactivated2_Internal(TcContext context, TcTcsAuth inAuth1, TcTpmSecret operatorAuth) This method sets the TPM_VOLATILE_FLAGS.deactivated to the value TRUE which temporarily deactivates the TPM.
static TcTpmDigest	TspSHA1Complete_Internal(TcContext context, TcBlobData hashData)
static java.lang.Object[]	TspSHA1CompleteExtend_Internal(TcContext context, long pcrNum, TcBlobData hashData)
static java.lang.Long	TspSHA1Start_Internal(TcContext context)
static void	TspSHA1Update_Internal(TcContext context, long numBytes, TcBlobData hashData)
static java.lang.Object[]	TspSign_Internal(TcContext context, long keyHandle, TcBlobData areaToSign, TcTcsAuth inAuth1, TcTpmSecret privAuth) This method signs a digest and returns the resulting digital signature.
static void	TspStirRandom_Internal(TcContext context, TcBlobData inData) This method adds entropy to the RNG state.
static java.lang.Object[]	TspTakeOwnership_Internal(TcContext context, int protocolID, TcBlobData encOwnerAuth, TcBlobData encSrkAuth, TcITpmKeyNew srkParams, TcTcsAuth inAuth1, TcTpmSecret ownerAuth) This method inserts the Owner-authorization data and creates a new Storage Root Key (SRK).
static void	TspTerminateHandle_Internal(TcContext context, long handle) This method allows the TPM driver to clear out information in an authorization handle.
static java.lang.Object[]	TspTickStampBlob_Internal(TcContext context, long keyHandle, TcTpmNonce antiReplay, TcTpmDigest digestToStamp, TcTcsAuth inAuth1, TcTpmSecret privAuth) This method is similar to a time stamp: it associates a tick value with a blob, indicating that the blob existed at some point earlier than the time corresponding to the tick value.
static java.lang.Object[]	TspUnBind_Internal(TcContext context, long keyHandle, TcBlobData inData, TcTcsAuth inAuth1, TcTpmSecret privAuth) This method takes the data blob that is the result of a bind command and decrypts it for export to the user.
static java.lang.Object[]	TspUnseal_Internal(TcContext context, long parentHandle, TcITpmStoredData inData, TcTcsAuth inAuth1, TcTcsAuth inAuth2, TcTpmSecret parentAuth, TcTpmSecret dataAuth) This method will reveal sealed data only if it was encrypted on this platform and the current configuration (defined by the named PCRs) is the one named as qualified to decrypt it.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TcTspInternal

public TcTspInternal()

Method Detail

TspLoadKeyByBlob_Internal

public static java.lang.Object[] TspLoadKeyByBlob_Internal(TcContext context,
                                                           long hUnwrappingKey,
                                                           TcTpmKey wrappedKeyBlob,
                                                           TcTcsAuth inAuth1,
                                                           TcTpmSecret parentAuth)
                                                    throws TcTssException

Throws:

TcTssException

TspLoadKey2ByBlob_Internal

public static java.lang.Object[] TspLoadKey2ByBlob_Internal(TcContext context,
                                                            long hUnwrappingKey,
                                                            TcITpmKey wrappedKeyBlob,
                                                            TcTcsAuth inAuth1,
                                                            TcTpmSecret parentAuth)
                                                     throws TcTssException

Throws:

TcTssException

TspMakeIdentity_Internal

public static java.lang.Object[] TspMakeIdentity_Internal(TcContext context,
                                                          TcTpmEncauth identityAuth,
                                                          TcTpmDigest labelPrivCADigest,
                                                          TcITpmKeyNew idKeyParams,
                                                          TcTcsAuth inAuth1,
                                                          TcTcsAuth inAuth2,
                                                          TcTpmSecret srkAuth,
                                                          TcTpmSecret ownerAuth)
                                                   throws TcTssException

Parameters:

context - The context this call is associated with.

identityAuth - Encrypted usage AuthData for the new identity

labelPrivCADigest - The digest of the identity label and privacy CA chosen for the AIK

idKeyParams - Structure containing all parameters of new identity key. pubKey.keyLength & idKeyParams.encData are both 0. This object may be of type TcTpmKeyNew or TcTpmKey12New.

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

srkAuth - HMAC key for the first authorization session.

ownerAuth - HMAC key for the second authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... The newly created identity key. (TcTpmKey of TcTpmKey12)
• 3 ... Signature of TcTpmIdentityContents using idKey.private. (TcBlobData)
• 4 ... Endorsement Credential. (TcBlobData)
• 5 ... Platform Credential. (TcBlobData)
• 6 ... Conformance Credential. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspMakeIdentity2_Internal

public static java.lang.Object[] TspMakeIdentity2_Internal(TcContext context,
                                                           TcTpmEncauth identityAuth,
                                                           TcTpmDigest labelPrivCADigest,
                                                           TcITpmKeyNew idKeyParams,
                                                           TcTcsAuth inAuth1,
                                                           TcTcsAuth inAuth2,
                                                           TcTpmSecret srkAuth,
                                                           TcTpmSecret ownerAuth)
                                                    throws TcTssException

Parameters:

context - The context this call is associated with.

identityAuth - Encrypted usage AuthData for the new identity

labelPrivCADigest - The digest of the identity label and privacy CA chosen for the AIK

idKeyParams - Structure containing all parameters of new identity key. pubKey.keyLength & idKeyParams.encData are both 0. This object may be of type TcTpmKeyNew or TcTpmKey12New.

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

srkAuth - HMAC key for the first authorization session.

ownerAuth - HMAC key for the second authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... The newly created identity key. (TcTpmKey of TcTpmKey12)
• 3 ... Signature of TcTpmIdentityContentsusing idKey.private. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspGetCredentials_Internal

public static java.lang.Object[] TspGetCredentials_Internal(TcContext context)
                                                     throws TcTssException

Throws:

TcTssException

TspContextConnect_Internal

public static void TspContextConnect_Internal(TcContext context,
                                              java.lang.String hostname)
                                       throws TcTssException

Throws:

TcTssException

TspContextOpen_Internal

public static long TspContextOpen_Internal(TcContext context)
                                    throws TcTssException

Throws:

TcTssException

TspContextClose_Internal

public static void TspContextClose_Internal(TcContext context)
                                     throws TcTssException

Throws:

TcTssException

TspContextGetCapability_Internal

public static TcBlobData TspContextGetCapability_Internal(TcContext context,
                                                          long capArea,
                                                          TcBlobData subCap)
                                                   throws TcTssException

Throws:

TcTssException

TspLogPcrEvent

public static long TspLogPcrEvent(TcContext context,
                                  TcTssPcrEvent pcrEvent)
                           throws TcTssException

This method adds a new event to the end of the array associated with the named PCR. This command adds supporting information for the named TcTssPcrEvent event to the end of the event log. The TCS MUST maintain an array of event-supporting data with events identified by the register to which they belong and the order in which the events occurred. The log need not be in a TCG-shielded location, and the Tcsi_LogPcrEvent action need not be a TCG-protected capability.

Parameters:

context - Handle to established context.

pcrEvent - Details of the event being logged.

Returns:

The number of the event just logged is returned in this variable. The TCS number events for each PCR monotonically from 0.

Throws:

{@link - TcTssException}

TcTssException

TspGetPcrEvent

public static TcTssPcrEvent TspGetPcrEvent(TcContext context,
                                           long pcrIndex,
                                           long number)
                                    throws TcTssException

This method is used to retrieve events logged with TcTcsi.TcsiLogPcrEvent(long, TcTssPcrEvent). This method needs not to be a protected capability and the log events retrieved need not to be in a shielded location. The command retrieves events previously logged using TcTcsi.TcsiLogPcrEvent(long, TcTssPcrEvent). The format of the data returned is identical to that previously logged. This operation retrieves log entries by PCR index and event number. On TCS initialization the event log for each PCR is empty. Then, for each PCR, the first event logged is numbered 0; the next is numbered 1, and so on. Attempts to receive log items beyond the end of the log return an error.

Parameters:

context - Handle to the established context.

pcrIndex - The index of the PCR.

number - The number events required. Events are numbered from 0 to the number of events logged on the named PCR.

Returns:

TcTssPcrEvent array holding the retrieved events (the number is returned implicilty). If no events could be retrieved an empty array is returned.

Throws:

{@link - TcTssException}

TcTssException

TspGetPcrEventCount

public static long TspGetPcrEventCount(TcContext context,
                                       long pcrIndex)
                                throws TcTssException

This method returns the number of events logged with TcTcsi.TcsiLogPcrEvent(long, TcTssPcrEvent).

Parameters:

context - Handle to the established context.

pcrIndex - The index of the PCR.

Returns:

The number of elements found matching the given criteria.

Throws:

{@link - TcTssException}

TcTssException

TspGetPcrEventsByPcr

public static TcTssPcrEvent[] TspGetPcrEventsByPcr(TcContext context,
                                                   long pcrIndex,
                                                   long firstEvent,
                                                   long eventCount)
                                            throws TcTssException

This metho returns an event log bound to a single PCR. The event log is returned as an ordered sequence of TcTssPcrEvent structures. The caller can limit the size of the returned array using eventCount. The caller can also specify the number of the first event on the returned event log using firstEvent. This allow the caller to retrieve the event log step by step, or to retrieve a partial event log when required. The array elements are of variable size, and the TcTssPcrEvent structure defines the size of the current event and the register with which it is associated.

Parameters:

context - Handle to the established context.

pcrIndex - The index of the PCR.

firstEvent - The number of the first event in the returned array.

eventCount - The max number of events to returned. Set to -1 to return all events for the PCR.

Returns:

The event array as defined by the parameters.

Throws:

{@link - TcTssException}

TcTssException

TspGetPcrEventLog

public static TcTssPcrEvent[] TspGetPcrEventLog(TcContext context)
                                         throws TcTssException

This method returns the event log of all events since the TPM was initialized. The event log is returned as an ordered sequence of TcTssPcrEvent structures in the following order: all events bound to PCR 0 (in the order they have arrived), all events bound to PCR 1 (in the order they have arrived), etc. If the event log is epmpty, an empty array is returned.

Parameters:

context - Handle to the established context.

Returns:

Array holding all the events collected up to this point.

Throws:

{@link - TcTssException}

TcTssException

TspSelfTestFull_Internal

public static void TspSelfTestFull_Internal(TcContext context)
                                     throws TcTssException

This method triggers a test of all TPM protected capabilities.

Parameters:

context - The context this call is associated with.

Throws:

{@link - TcTssException}

TcTssException

TspContinueSelfTest_Internal

public static void TspContinueSelfTest_Internal(TcContext context)
                                         throws TcTssException

This method informs the TPM that it may complete the self test of all TPM functions.

Parameters:

context - The context this call is associated with.

Throws:

{@link - TcTssException}

TcTssException

TspGetTestResult_Internal

public static TcBlobData TspGetTestResult_Internal(TcContext context)
                                            throws TcTssException

This method provides manufacturer specific information regarding the results of the self-test. This command will work when the TPM is in self-test failure mode.

Parameters:

context - The context this call is associated with.

Returns:

The outData this is manufacturer specific

Throws:

{@link - TcTssException}

TcTssException

TspSetOwnerInstall_Internal

public static void TspSetOwnerInstall_Internal(TcContext context,
                                               boolean state)
                                        throws TcTssException

This method determines if the TPM has a current owner. The TPM validates the assertion of physical access and then sets the value of TPM_PERSISTENT_FLAGS.ownership to the value in the state.

Parameters:

context - The context this call is associated with.

state - The state to which ownership flag is to be set.

Throws:

{@link - TcTssException}

TcTssException

TspOwnerSetDisable_Internal

public static TcTcsAuth TspOwnerSetDisable_Internal(TcContext context,
                                                    boolean disableState,
                                                    TcTcsAuth inAuth1,
                                                    TcTpmSecret ownerAuth)
                                             throws TcTssException

This method is used to change the status of the TPM_PERSISTENT_DISABLE flag.

Parameters:

context - The context this call is associated with.

disableState - Value for disable state - enable if TRUE

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspPhysicalEnable_Internal

public static void TspPhysicalEnable_Internal(TcContext context)
                                       throws TcTssException

This method enables the TPM physical presence.

Parameters:

context - The context this call is associated with.

Throws:

{@link - TcTssException}

TcTssException

TspPhysicalDisable_Internal

public static void TspPhysicalDisable_Internal(TcContext context)
                                        throws TcTssException

This method disables the TPM physical presence.

Parameters:

context - The context this call is associated with.

Throws:

{@link - TcTssException}

TcTssException

TspPhysicalSetDeactivated_Internal

public static void TspPhysicalSetDeactivated_Internal(TcContext context,
                                                      boolean state)
                                               throws TcTssException

This method sets the TPM_PERSITSTENT_FLAGS.deactivated flag to the value in the state parameter.

Parameters:

context - The context this call is associated with.

state - State to which deactivated flag is to be set.

Throws:

{@link - TcTssException}

TcTssException

TspSetTempDeactivated2_Internal

public static TcTcsAuth TspSetTempDeactivated2_Internal(TcContext context,
                                                        TcTcsAuth inAuth1,
                                                        TcTpmSecret operatorAuth)
                                                 throws TcTssException

This method sets the TPM_VOLATILE_FLAGS.deactivated to the value TRUE which temporarily deactivates the TPM.

Parameters:

context - The context this call is associated with.

inAuth1 - The data for the authorization session.

operatorAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspSetTempDeactivated_Internal

public static void TspSetTempDeactivated_Internal(TcContext context)
                                           throws TcTssException

This method sets the TPM_VOLATILE_FLAGS.deactivated to the value TRUE which temporarily deactivates the TPM. This command requires physical presence.

Parameters:

context - The context this call is associated with.

Throws:

{@link - TcTssException}

TcTssException

TspSetOperatorAuth_Internal

public static void TspSetOperatorAuth_Internal(TcContext context,
                                               TcTpmSecret operatorAuth)
                                        throws TcTssException

Sets the operator authorization value for the platform.

Parameters:

context - The context this call is associated with.

operatorAuth - The operator AuthData

Throws:

{@link - TcTssException}

TcTssException

TspTakeOwnership_Internal

public static java.lang.Object[] TspTakeOwnership_Internal(TcContext context,
                                                           int protocolID,
                                                           TcBlobData encOwnerAuth,
                                                           TcBlobData encSrkAuth,
                                                           TcITpmKeyNew srkParams,
                                                           TcTcsAuth inAuth1,
                                                           TcTpmSecret ownerAuth)
                                                    throws TcTssException

This method inserts the Owner-authorization data and creates a new Storage Root Key (SRK). This function fails if there is already a TPM owner set. After inserting the authorization data, this function creates the SRK. To validate that the operation completes successfully, The TPM HMACs the response.

Parameters:

context - The context this call is associated with.

protocolID - The ownership protocol in use.

encOwnerAuth - The owner AuthData encrypted with PUBEK.

encSrkAuth - The SRK AuthData encrypted with PUBEK.

srkParams - Structure containing all parameters of new SRK. pubKey.keyLength & encSize are both 0. This structure MAY be TcTpmKey12.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Structure containing all parameters of new SRK. srkPub.encData is set to 0. This structure MAY be TcTpmKey12. (TcTpmKey)

Throws:

{@link - TcTssException}

TcTssException

TspOwnerClear_Internal

public static TcTcsAuth TspOwnerClear_Internal(TcContext context,
                                               TcTcsAuth inAuth1,
                                               TcTpmSecret ownerAuth)
                                        throws TcTssException

This command clears the TPM under owner authorization.

Parameters:

context - The context this call is associated with.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspForceClear_Internal

public static void TspForceClear_Internal(TcContext context)
                                   throws TcTssException

This method performs the clear operation under physical presence.

Parameters:

context - The context this call is associated with.

Throws:

{@link - TcTssException}

TcTssException

TspDisableOwnerClear_Internal

public static TcTcsAuth TspDisableOwnerClear_Internal(TcContext context,
                                                      TcTcsAuth inAuth1,
                                                      TcTpmSecret ownerAuth)
                                               throws TcTssException

This command disables the ability to execute the OwnerClear command permanently.

Parameters:

context - The context this call is associated with.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspDisableForceClear_Internal

public static void TspDisableForceClear_Internal(TcContext context)
                                          throws TcTssException

This command disables the execution of the ForceClear command until next startup cycle.

Parameters:

context - The context this call is associated with.

Throws:

{@link - TcTssException}

TcTssException

TspPhysicalPresence_Internal

public static void TspPhysicalPresence_Internal(TcContext context,
                                                int physicalPresence)
                                         throws TcTssException

This method sets the physical presence flags.

Parameters:

context - The context this call is associated with.

physicalPresence - The state to set the TPM's PhysicalPresence flags.

Throws:

{@link - TcTssException}

TcTssException

TspGetCapability_Internal

public static TcBlobData TspGetCapability_Internal(TcContext context,
                                                   long capArea,
                                                   TcBlobData subCap)
                                            throws TcTssException

This method allows the TPM to report back the requestor what type of TPM it is dealing with.

Parameters:

context - The context this call is associated with.

capArea - Partition of capabilities to be interrogated

subCap - Further definition of information

Returns:

The capability response (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspSetCapability_Internal

public static TcTcsAuth TspSetCapability_Internal(TcContext context,
                                                  long capArea,
                                                  TcBlobData subCap,
                                                  TcBlobData setValue,
                                                  TcTcsAuth inAuth1,
                                                  TcTpmSecret ownerAuth)
                                           throws TcTssException

This method allows the caller to set values in the TPM. Information about the capArea and subCap is transmitted to the TPM without any interpretation by the TCS. The TPM will return an appropriate error on wrong values.

Parameters:

context - The context this call is associated with.

capArea - Partition of capabilities to be set

subCap - Further definition of information

setValue - The value to set

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspGetCapabilityOwner_Internal

public static java.lang.Object[] TspGetCapabilityOwner_Internal(TcContext context,
                                                                TcTcsAuth inAuth1,
                                                                TcTpmSecret ownerAuth)
                                                         throws TcTssException

This method enables the TPM owner to retrieve information belonging to the TPM owner.

Parameters:

context - The context this call is associated with.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... A properly filled out version structure. (TcTpmVersion)
• 2 ... The current state of the non-volatile flags. (Long)
• 3 ... The current state of the volatile flags. (Long)

Throws:

{@link - TcTssException}

TcTssException

TspGetAuditDigest_Internal

public static java.lang.Object[] TspGetAuditDigest_Internal(TcContext context,
                                                            long startOrdinal)
                                                     throws TcTssException

This method gets the digest of audited ordinals.

Parameters:

context - The context this call is associated with.

startOrdinal - The starting ordinal for the list of audited ordinals

Returns:

The returned Object[] holds the following elements:

• 0 ... The current value of the audit monotonic counter (TcTpmCounterValue)
• 1 ... Log of all audited events (TcTpmDigest)
• 2 ... TRUE if the output does not contain a full list of audited ordinals (Boolean)
• 3 ... List of ordinals that are audited. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspGetAuditDigestSigned_Internal

public static java.lang.Object[] TspGetAuditDigestSigned_Internal(TcContext context,
                                                                  long keyHandle,
                                                                  boolean closeAudit,
                                                                  TcTpmNonce antiReplay,
                                                                  TcTcsAuth inAuth1,
                                                                  TcTpmSecret keyAuth)
                                                           throws TcTssException

This method gets the signed digest of audited ordinals.

Parameters:

context - The context this call is associated with.

keyHandle - The handle of a loaded key that can perform digital signatures.

closeAudit - Indication if audit session should be closed

antiReplay - A nonce to prevent replay attacks

inAuth1 - The data for the authorization session.

keyAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The value of the audit monotonic counter (TcTpmCounterValue)
• 2 ... Log of all audited events (TcTpmDigest)
• 3 ... Digest of all audited ordinals (TcTpmDigest)
• 4 ... The signature of the area (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspSetOrdinalAuditStatus_Internal

public static TcTcsAuth TspSetOrdinalAuditStatus_Internal(TcContext context,
                                                          long ordinalToAudit,
                                                          boolean auditState,
                                                          TcTcsAuth inAuth1,
                                                          TcTpmSecret ownerAuth)
                                                   throws TcTssException

This command sets the audit flag for a given ordinal. This command requires owner authorization.

Parameters:

context - The context this call is associated with.

ordinalToAudit - The ordinal whose audit flag is to be set.

auditState - Value for audit flag.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

FieldUpgrade

public TcTcsAuth FieldUpgrade(TcContext context,
                              TcBlobData inData,
                              TcTcsAuth inAuth1,
                              TcTpmSecret ownerAuth)
                       throws TcTssException

This command is vendor specific. It allows vendors to upgrade TPMs that are already in the field.

Parameters:

context - The context this call is associated with.

inData - Vendor specific data blob with upgrade information.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

Vendor specific return blob.

Throws:

{@link - TcTssException}

TcTssException

TspSetRedirection_Internal

public static TcTcsAuth TspSetRedirection_Internal(TcContext context,
                                                   long keyHandle,
                                                   long redirCmd,
                                                   TcBlobData inputData,
                                                   TcTcsAuth inAuth1,
                                                   TcTpmSecret ownerAuth)
                                            throws TcTssException

Redirected keys enable the output of a TPM to be directed to non-TCG security functions in the platform, without exposing that output to non-security functions. It sometimes is desirable to direct the TPM's output to specific platform functions without exposing that output to other platform functions. To enable this, the key in a leaf node of the TCG protected storage can be tagged as a "redirected" key. Any plaintext output data secured by a redirected key is passed by the TPM directly to specific platform functions and is not interpreted by the TPM. Since redirection can only affect leaf keys, redirection applies to: Unbind, Unseal, Quote and Sign.

Parameters:

context - The context this call is associated with.

keyHandle - The keyHandle identifier of a loaded key that can implement redirection.

redirCmd - The command to execute

inputData - Manufacturer parameter

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspResetLockValue_Internal

public static TcTcsAuth TspResetLockValue_Internal(TcContext context,
                                                   TcTcsAuth inAuth1,
                                                   TcTpmSecret ownerAuth)
                                            throws TcTssException

Resets the lock that get set in a TPM after multiple false authorization attempts. This is used to prevent hammering attacks. This command requires owner authorization.

Parameters:

context - The context this call is associated with.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspSeal_Internal

public static java.lang.Object[] TspSeal_Internal(TcContext context,
                                                  long keyHandle,
                                                  TcTpmEncauth encAuth,
                                                  TcITpmPcrInfo pcrInfo,
                                                  TcBlobData inData,
                                                  TcTcsAuth inAuth1,
                                                  TcTpmSecret pubAuth)
                                           throws TcTssException

This method allows software to explicitly state the future trusted configuration that the platform must be in for the secret to be revealed. The seal operation also implicitly includes the relevant platform configuration when the seal operation was performed.

Parameters:

context - The context this call is associated with.

keyHandle - Handle of a loaded key that can perform seal operations.

encAuth - The encrypted AuthData for the sealed data.

pcrInfo - The PCR selection information. The caller MAY use TcTpmPcrInfoLong.

inData - The data to be sealed to the platform and any specified PCRs

inAuth1 - The data for the authorization session.

pubAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Encrypted, integrity-protected data object that is the result of the TPM_Seal operation. (TcTpmStoredData)

Throws:

{@link - TcTssException}

TcTssException

TspUnseal_Internal

public static java.lang.Object[] TspUnseal_Internal(TcContext context,
                                                    long parentHandle,
                                                    TcITpmStoredData inData,
                                                    TcTcsAuth inAuth1,
                                                    TcTcsAuth inAuth2,
                                                    TcTpmSecret parentAuth,
                                                    TcTpmSecret dataAuth)
                                             throws TcTssException

This method will reveal sealed data only if it was encrypted on this platform and the current configuration (defined by the named PCRs) is the one named as qualified to decrypt it. It decrypts the structure internally, checks the integrity of the resulting data and checks that the PCR named has the value named during TcsipSeal. Additionally, the caller must supply appropriate authorization data for the blob and the key that was used to seal that data.

Parameters:

context - The context this call is associated with.

parentHandle - Handle of a loaded key that can unseal the data.

inData - The encrypted data generated by TPM_Seal.

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

parentAuth - HMAC key for the first authorization session.

dataAuth - HMAC key for the second authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... Decrypted data that had been sealed (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspUnBind_Internal

public static java.lang.Object[] TspUnBind_Internal(TcContext context,
                                                    long keyHandle,
                                                    TcBlobData inData,
                                                    TcTcsAuth inAuth1,
                                                    TcTpmSecret privAuth)
                                             throws TcTssException

This method takes the data blob that is the result of a bind command and decrypts it for export to the user. The caller must authorize the use of the key that will decrypt the incoming blob.

Parameters:

context - The context this call is associated with.

keyHandle - The keyHandle identifier of a loaded key that can perform UnBindoperations.

inData - Encrypted blob to be decrypted

inAuth1 - The data for the authorization session.

privAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The resulting decrypted data. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspCreateWrapKey_Internal

public static java.lang.Object[] TspCreateWrapKey_Internal(TcContext context,
                                                           long parentHandle,
                                                           TcTpmEncauth dataUsageAuth,
                                                           TcTpmEncauth dataMigrationAuth,
                                                           TcITpmKeyNew keyInfo,
                                                           TcTcsAuth inAuth1,
                                                           TcTpmSecret pubAuth)
                                                    throws TcTssException

Parameters:

context - The context this call is associated with.

parentHandle - Handle of a loaded key that can perform key wrapping.

dataUsageAuth - Encrypted usage AuthData for the sealed data.

dataMigrationAuth - Encrypted migration AuthData for the sealed data.

keyInfo - Information about key to be created, pubKey.keyLength and keyInfo.encData elements are 0. MAY be TcTpmKey12

inAuth1 - The data for the authorization session.

pubAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The TPM_KEY structure which includes the public and encrypted private key. MAY be TcTpmKey12 (TcTpmKey)

Throws:

{@link - TcTssException}

TcTssException

TspGetPubKey_Internal

public static java.lang.Object[] TspGetPubKey_Internal(TcContext context,
                                                       long keyHandle,
                                                       TcTcsAuth inAuth1,
                                                       TcTpmSecret keyAuth)
                                                throws TcTssException

Parameters:

context - The context this call is associated with.

keyHandle - TPM handle of key.

inAuth1 - The data for the authorization session.

keyAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Public portion of key in keyHandle. (TcTpmPubkey)

Throws:

{@link - TcTssException}

TcTssException

TspSealx_Internal

public static java.lang.Object[] TspSealx_Internal(TcContext context,
                                                   long keyHandle,
                                                   TcTpmEncauth encAuth,
                                                   TcTpmPcrInfoLong pcrInfo,
                                                   TcBlobData inData,
                                                   TcTcsAuth inAuth1,
                                                   TcTpmSecret pubAuth)
                                            throws TcTssException

This method allows software to explicitly state the future trusted configuration that the platform must be in for the secret to be revealed. It also includes the relevant platform configuration when the SealX command was performed.

Parameters:

context - The context this call is associated with.

keyHandle - Handle of a loaded key that can perform seal operations.

encAuth - The encrypted AuthData for the sealed data.

pcrInfo - MUST use TcTpmPcrInfoLong.

inData - The data to be sealed to the platform and any specified PCRs

inAuth1 - The data for the authorization session.

pubAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Encrypted, integrity-protected data object that is the result of the TPM_Sealx operation. (TcTpmStoredData(12))

Throws:

{@link - TcTssException}

TcTssException

TspCreateMigrationBlob_Internal

public static java.lang.Object[] TspCreateMigrationBlob_Internal(TcContext context,
                                                                 long parentHandle,
                                                                 int migrationType,
                                                                 TcTpmMigrationkeyAuth migrationKeyAuth,
                                                                 TcBlobData encData,
                                                                 TcTcsAuth inAuth1,
                                                                 TcTcsAuth inAuth2,
                                                                 TcTpmSecret parentAuth,
                                                                 TcTpmSecret entityAuth)
                                                          throws TcTssException

This method implements the first step in the process of moving a migratable key to a new parent key or platform. Execution of this command requires knowledge of the migrationAuth field of the key to be migrated.

Parameters:

context - The context this call is associated with.

parentHandle - Handle of the parent key that can decrypt encData.

migrationType - The migration type, either MIGRATE or REWRAP.

migrationKeyAuth - Migration public key and its authorization session digest.

encData - The encrypted entity that is to be modified.

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

parentAuth - HMAC key for the first authorization session.

entityAuth - HMAC key for the second authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... String used for XOR encryption (TcBlobData)
• 3 ... The modified, encrypted entity. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspConvertMigrationBlob_Internal

public static java.lang.Object[] TspConvertMigrationBlob_Internal(TcContext context,
                                                                  long parentHandle,
                                                                  TcBlobData inData,
                                                                  TcBlobData random,
                                                                  TcTcsAuth inAuth1,
                                                                  TcTpmSecret parentAuth)
                                                           throws TcTssException

This method takes a migration blob and creates a normal wrapped blob. The migrated blob must be loaded into the TPM using the normal LoadKey function.

Parameters:

context - The context this call is associated with.

parentHandle - Handle of a loaded key that can decrypt keys.

inData - The XOR'd and encrypted key.

random - Random value used to hide key data.

inAuth1 - The data for the authorization session.

parentAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The encrypted private key that can be loaded with TPM_LoadKey (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspAuthorizeMigrationKey_Internal

public static java.lang.Object[] TspAuthorizeMigrationKey_Internal(TcContext context,
                                                                   int migrationScheme,
                                                                   TcTpmPubkey migrationKey,
                                                                   TcTcsAuth inAuth1,
                                                                   TcTpmSecret ownerAuth)
                                                            throws TcTssException

This method creates an authorization blob to allow the TPM owner to specify which migration facility they will use and allow users to migrate information without further involvement with the TPM owner.

Parameters:

context - The context this call is associated with.

migrationScheme - Type of migration operation that is to be permitted for this key.

migrationKey - The public key to be authorized.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Returned public key and authorization session digest. (TcTpmMigrationkeyAuth)

Throws:

{@link - TcTssException}

TcTssException

TspMigrateKey_Internal

public static java.lang.Object[] TspMigrateKey_Internal(TcContext context,
                                                        long maKeyHandle,
                                                        TcTpmPubkey pubKey,
                                                        TcBlobData inData,
                                                        TcTcsAuth inAuth1,
                                                        TcTpmSecret keyAuth)
                                                 throws TcTssException

This method performs the function of a migration authority. THis command is used to permit a TPM enabled system to be a migration authority. To prevent execution of this command using any other key as a parent key, this TPM operation works only if the keyUsage for the macKey is TPM_KEY_MIGRATABLE.

Parameters:

context - The context this call is associated with.

maKeyHandle - Handle of the key to be used to migrate the key.

pubKey - Public key to which the blob is to be migrated

inData - The input blob

inAuth1 - The data for the authorization session.

keyAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The re-encrypted blob (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspCmkSetRestrictions_Internal

public static TcTcsAuth TspCmkSetRestrictions_Internal(TcContext context,
                                                       long restriction,
                                                       TcTcsAuth inAuth1,
                                                       TcTpmSecret ownerAuth)
                                                throws TcTssException

This command is used by the owner to order the usage of a CMK with delegated authorization.

Parameters:

context - The context this call is associated with.

restriction - The bit mask of how to set the restrictions on CMK keys

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspCmkApproveMA_Internal

public static java.lang.Object[] TspCmkApproveMA_Internal(TcContext context,
                                                          TcTpmDigest migrationAuthorityDigest,
                                                          TcTcsAuth inAuth1,
                                                          TcTpmSecret ownerAuth)
                                                   throws TcTssException

This command is used to create an authorization ticket, to allow the TPM owner to specify/select one or more migration authorities they approve and allow user to generate CMKs without further involvement of the owner.

Parameters:

context - The context this call is associated with.

migrationAuthorityDigest - A digest of a TcTpmMsaComposite structure (itself one or more digests of public keys belonging to migration authorities)

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... HMAC of migrationAuthorityDigest (TcTpmDigest)

Throws:

{@link - TcTssException}

TcTssException

TspCmkCreateKey_Internal

public static java.lang.Object[] TspCmkCreateKey_Internal(TcContext context,
                                                          long parentHandle,
                                                          TcTpmEncauth dataUsageAuth,
                                                          TcTpmKey12 keyInfo,
                                                          TcTpmDigest migrationAuthorityApproval,
                                                          TcTpmDigest migrationAuthorityDigest,
                                                          TcTcsAuth inAuth1,
                                                          TcTpmSecret pubAuth)
                                                   throws TcTssException

This command both generates and creates a secure storage bundle for asymmetric keys whose migration is controlled/restricted by a migration authority. Only this command can be used to create these kind of keys.

Parameters:

context - The context this call is associated with.

parentHandle - Handle of a loaded key that can perform key wrapping.

dataUsageAuth - Encrypted usage AuthData for the sealed data.

keyInfo - Information about key to be created, pubKey.keyLength and keyInfo.encData elements are 0. MUST be TcTpmKey12

migrationAuthorityApproval - A ticket, created by the TPM Owner using TPM_CMK_ApproveMA, approving a TcTpmMsaComposite structure

migrationAuthorityDigest - The digest of a TcTpmMsaComposite structure

inAuth1 - The data for the authorization session.

pubAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The TcTpmKey structure which includes the public and encrypted private key. MUST be TcTpmKey12 (TcTpmKey12)

Throws:

{@link - TcTssException}

TcTssException

TspCMK_CreateTicket_Internal

public static java.lang.Object[] TspCMK_CreateTicket_Internal(TcContext context,
                                                              TcTpmPubkey verificationKey,
                                                              TcTpmDigest signedData,
                                                              TcBlobData signatureValue,
                                                              TcTcsAuth inAuth1,
                                                              TcTpmSecret pubAuth)
                                                       throws TcTssException

This owner controlled command uses a public key to verify the signature over a digest.

Parameters:

context - The context this call is associated with.

verificationKey - The public key to be used to check signatureValue

signedData - The data to be verified

signatureValue - The signatureValue to be verified

inAuth1 - The data for the authorization session.

pubAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Ticket that proves digest created on this TPM (TcTpmDigest)

Throws:

{@link - TcTssException}

TcTssException

TspCmkCreateBlob_Internal

public static java.lang.Object[] TspCmkCreateBlob_Internal(TcContext context,
                                                           long parentHandle,
                                                           int migrationType,
                                                           TcTpmMigrationkeyAuth migrationKeyAuth,
                                                           TcTpmDigest pubSourceKeyDigest,
                                                           TcTpmMsaComposite msaList,
                                                           TcBlobData restrictTicket,
                                                           TcBlobData sigTicket,
                                                           TcBlobData encData,
                                                           TcTcsAuth inAuth1,
                                                           TcTpmSecret parentAuth)
                                                    throws TcTssException

This command is similar to TcspiCreateMigrationBlob, except that it uses migration authority data whose migration data are independent from tpmProof. It is possible for the parameter restrictTicket to be null.

Parameters:

context - The context this call is associated with.

parentHandle - Handle of the parent key that can decrypt encData.

migrationType - The migration type, either TPM_MS_RESTRICT_MIGRATE or TPM_MS_RESTRICT_APPROVE_DOUBLE

migrationKeyAuth - Migration public key and its authorization session digest.

pubSourceKeyDigest - The digest of the TcTpmPubkey of the entity to be migrated

msaList - One or more digests of public keys belonging to migration authorities

restrictTicket - Either a NULL parameter or a TcTpmCmkAuth structure, containing the digests of the public keys belonging to the Migration Authority, the destination parent key and the key-to-be-migrated.

sigTicket - Either a NULL parameter or a TcTpmDigest structure, generated by the TPM, signaling a valid signature over restrictTicket

encData - The encrypted entity that is to be modified.

inAuth1 - The data for the authorization session.

parentAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... String used for XOR encryption (TcBlobData)
• 2 ... The modified, encrypted entity. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspCmkConvertMigration_Internal

public static java.lang.Object[] TspCmkConvertMigration_Internal(TcContext context,
                                                                 long parentHandle,
                                                                 TcTpmCmkAuth restrictTicket,
                                                                 TcTpmDigest sigTicket,
                                                                 TcTpmKey12 migratedKey,
                                                                 TcTpmMsaComposite msaList,
                                                                 TcBlobData random,
                                                                 TcTcsAuth inAuth1,
                                                                 TcTpmSecret parentAuth)
                                                          throws TcTssException

This command is used as the final step to finish migrating a key to a new TPM. Note that the related TPM command migrates private keys only. The migration of the associated public keys us not specified by the TPM. The application (i.e. TSP) must generate a TPM_KEYxx structure before the migrated key can be used be the target TPM in a LoadKeyX command.

Parameters:

context - The context this call is associated with.

parentHandle - Handle of a loaded key that can decrypt keys.

restrictTicket - The digests of public keys belonging to the Migration Authority, the destination parent key and the key-to-be-migrated.

sigTicket - A signature ticket, generated by the TPM, signaling a valid signature over restrictTicket

migratedKey - The public key of the key-to-be-migrated. The private portion MUST be TcTpmMigrateAsymkey properly XOR'd

msaList - One or more digests of public keys belonging to migration authorities

random - Random value used to hide key data.

inAuth1 - The data for the authorization session.

parentAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The encrypted private key that can be loaded with TPM_LoadKey (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspCreateMaintenanceArchive_Internal

public static java.lang.Object[] TspCreateMaintenanceArchive_Internal(TcContext context,
                                                                      boolean generateRandom,
                                                                      TcTcsAuth inAuth1,
                                                                      TcTpmSecret ownerAuth)
                                                               throws TcTssException

This method creates a TPM maintenance archive.

Parameters:

context - The context this call is associated with.

generateRandom - Use RNG or Owner authorization to generate 'random'.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Random data to XOR with result. (TcBlobData)
• 2 ... Encrypted key archive. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspLoadMaintenanceArchive_Internal

public static java.lang.Object[] TspLoadMaintenanceArchive_Internal(TcContext context,
                                                                    TcBlobData inData,
                                                                    TcTcsAuth inAuth1,
                                                                    TcTpmSecret ownerAuth)
                                                             throws TcTssException

This method loads a TPM maintenance archive that has been massaged by the manufacturer to load into another TPM.

Parameters:

context - The context this call is associated with.

inData - Vendor specific data.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Vendor specific return data. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspKillMaintenanceFeature_Internal

public static TcTcsAuth TspKillMaintenanceFeature_Internal(TcContext context,
                                                           TcTcsAuth inAuth1,
                                                           TcTpmSecret ownerAuth)
                                                    throws TcTssException

This method triggers a permanent action that prevents ANYONE from creating a TPM maintenance archive until a new TPM owner is set.

Parameters:

context - The context this call is associated with.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspLoadManuMaintPub_Internal

public static TcTpmDigest TspLoadManuMaintPub_Internal(TcContext context,
                                                       TcTpmNonce antiReplay,
                                                       TcTpmPubkey pubKey)
                                                throws TcTssException

This method loads the TPM manufactuerer's public key for use in the maintenance process.

Parameters:

context - The context this call is associated with.

antiReplay - AntiReplay and validation nonce

pubKey - The public key of the manufacturer to be in use for maintenance

Returns:

Digest of pubKey and antiReplay

Throws:

{@link - TcTssException}

TcTssException

TspReadManuMaintPub_Internal

public static TcTpmDigest TspReadManuMaintPub_Internal(TcContext context,
                                                       TcTpmNonce antiReplay)
                                                throws TcTssException

This command is used to check whether the manufactuerer's public maintenance key in a TPM has the expected value.

Parameters:

context - The context this call is associated with.

antiReplay - AntiReplay and validation nonce

Returns:

Digest of pubKey and antiReplay

Throws:

{@link - TcTssException}

TcTssException

TspSign_Internal

public static java.lang.Object[] TspSign_Internal(TcContext context,
                                                  long keyHandle,
                                                  TcBlobData areaToSign,
                                                  TcTcsAuth inAuth1,
                                                  TcTpmSecret privAuth)
                                           throws TcTssException

This method signs a digest and returns the resulting digital signature. This command uses a properly authorized signature key.

Parameters:

context - The context this call is associated with.

keyHandle - The keyHandle identifier of a loaded key that can perform digital signatures.

areaToSign - The value to sign

inAuth1 - The data for the authorization session.

privAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The resulting digital signature. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspGetRandom_Internal

public static TcBlobData TspGetRandom_Internal(TcContext context,
                                               long bytesRequested)
                                        throws TcTssException

This method returns the next bytesRequested bytes from the random number generator to the caller.

Parameters:

context - The context this call is associated with.

bytesRequested - Number of bytes to return

Returns:

The returned bytes

Throws:

{@link - TcTssException}

TcTssException

TspStirRandom_Internal

public static void TspStirRandom_Internal(TcContext context,
                                          TcBlobData inData)
                                   throws TcTssException

This method adds entropy to the RNG state.

Parameters:

context - The context this call is associated with.

inData - Data to add entropy to RNG state

Throws:

{@link - TcTssException}

TcTssException

TspCertifyKey_Internal

public static java.lang.Object[] TspCertifyKey_Internal(TcContext context,
                                                        long certHandle,
                                                        long keyHandle,
                                                        TcTpmNonce antiReplay,
                                                        TcTcsAuth inAuth1,
                                                        TcTcsAuth inAuth2,
                                                        TcTpmSecret certAuth,
                                                        TcTpmSecret keyAuth)
                                                 throws TcTssException

This method allows a key to certify the public portion of certain storage and signing keys.

Parameters:

context - The context this call is associated with.

certHandle - Handle of the key to be used to certify the key.

keyHandle - Handle of the key to be certified.

antiReplay - 160 bits of externally supplied data (typically a nonce provided to prevent replay-attacks)

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

certAuth - HMAC key for the first authorization session.

keyAuth - HMAC key for the second authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... TPM_CERTIFY_INFO or TcTpmCertifyInfo2 structure that provides information relative to key handle (TcTpmCertifyInfo)
• 3 ... The signature of certifyInfo (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspCertifyKey2_Internal

public static java.lang.Object[] TspCertifyKey2_Internal(TcContext context,
                                                         long certHandle,
                                                         long keyHandle,
                                                         TcTpmDigest migrationPubDigest,
                                                         TcTpmNonce antiReplay,
                                                         TcTcsAuth inAuth1,
                                                         TcTcsAuth inAuth2,
                                                         TcTpmSecret keyAuth,
                                                         TcTpmSecret certAuth)
                                                  throws TcTssException

This method allows a key to certify the public portion of certifiable migratable storage and signing keys.

Parameters:

context - The context this call is associated with.

keyHandle - Handle of the key to be certified.

certHandle - Handle of the key to be used to certify the key.

migrationPubDigest - The digest of a TcTpmMsaCompositestructure, containing at least one public key of a Migration Authority

antiReplay - 160 bits of externally supplied data (typically a nonce provided to prevent replay-attacks)

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

keyAuth - HMAC key for the first authorization session.

certAuth - HMAC key for the second authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... TcTpmCertifyInfo2 relative to keyHandle (TcTpmCertifyInfo2)
• 3 ... The signed public key. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspCreateEndorsementKeyPair_Internal

public static java.lang.Object[] TspCreateEndorsementKeyPair_Internal(TcContext context,
                                                                      TcTpmKeyParms keyInfo,
                                                                      TcTpmNonce antiReplay)
                                                               throws TcTssException

This method generates the endorsement key pair.

Parameters:

context - The context this call is associated with.

antiReplay - Arbitrary data.

keyInfo - Information about key to be created, this includes all algorithm parameters.

Returns:

The returned Object[] holds the following elements:

• 0 ... The public endorsement key (TcTpmPubkey)
• 1 ... Hash of pubEndorsementKey and antiReplay (TcTpmDigest)

Throws:

{@link - TcTssException}

TcTssException

TspCreateRevocableEK_Internal

public static java.lang.Object[] TspCreateRevocableEK_Internal(TcContext context,
                                                               TcTpmKeyParms keyInfo,
                                                               TcTpmNonce antiReplay,
                                                               boolean generateReset,
                                                               TcTpmNonce inputEKreset)
                                                        throws TcTssException

This method generates the revocable endorsement key pair.

Parameters:

context - The context this call is associated with.

keyInfo - Information about key to be created, this includes all algorithm parameters.

antiReplay - Arbitrary data.

generateReset - If TRUE use TPM RNG to generate EKreset. If FALSE use the passed value inputEKreset,

inputEKreset - The authorization value to be used with RevokeEndorsementKeyPair if generateReset==FALSE, else the parameter is present but ignored.

Returns:

The returned Object[] holds the following elements:

• 0 ... The public endorsement key (TcTpmPubkey)
• 1 ... Hash of pubEndorsementKey and antiReplay (TcTpmDigest)
• 2 ... The AuthData value to use TPM_RevokeTrust (TcTpmNonce)

Throws:

{@link - TcTssException}

TcTssException

TspRevokeEndorsementKeyPair_Internal

public static void TspRevokeEndorsementKeyPair_Internal(TcContext context,
                                                        TcTpmNonce EKReset)
                                                 throws TcTssException

This method clears the TPM revocable endorsement key pair.

Parameters:

context - The context this call is associated with.

EKReset - The value that will be matched toEK Reset

Throws:

{@link - TcTssException}

TcTssException

TspReadPubek_Internal

public static java.lang.Object[] TspReadPubek_Internal(TcContext context,
                                                       TcTpmNonce antiReplay)
                                                throws TcTssException

This method returns the public portion of the endorsement key.

Parameters:

context - The context this call is associated with.

Returns:

The returned Object[] holds the following elements:

• 0 ... The public endorsement key (TcTpmPubkey)
• 1 ... Hash of pubEndorsementKey and antiReplay (TcTpmDigest)

Throws:

{@link - TcTssException}

TcTssException

TcsipEvictKey

public static void TcsipEvictKey(TcContext context,
                                 long keyHandle)
                          throws TcTssException

This method allows to flush a key from the key cache.

Parameters:

context - The context this call is associated with.

keyHandle - TCS key handle of the key to be evicted.

Throws:

{@link - TcTssException}

TcTssException

TspOwnerReadInternalPub_Internal

public static java.lang.Object[] TspOwnerReadInternalPub_Internal(TcContext context,
                                                                  long keyHandle,
                                                                  TcTcsAuth inAuth1,
                                                                  TcTpmSecret ownerAuth)
                                                           throws TcTssException

Parameters:

context - The context this call is associated with.

keyHandle - Handle for either PUBEK or SRK

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The public portion of the requested key (TcTpmPubkey)

Throws:

{@link - TcTssException}

TcTssException

TspActivateIdentity_Internal

public static java.lang.Object[] TspActivateIdentity_Internal(TcContext context,
                                                              long idKeyHandle,
                                                              TcBlobData blob,
                                                              TcTcsAuth inAuth1,
                                                              TcTcsAuth inAuth2,
                                                              TcTpmSecret idKeyAuth,
                                                              TcTpmSecret ownerAuth)
                                                       throws TcTssException

The purpose of this method is twofold: The first purpose is to obtain assurance that the credential in the TPM_SYM_CA_ATTESTATION is for this TPM. The second purpose is to obtain the session key used to encrypt the TPM_IDENTITY_CREDENTIAL. This function checks that the symmetric session key corresponds to a TPM-identity before releasing that session key. Only the owner of the TPM has the privilege of activating a TPM identity. The owner may authorize this function using either the TPM_OIAP or TPM_OSAP authorization protocols.

Parameters:

context - The context this call is associated with.

idKeyHandle - Identity key to be activated.

blob - The encrypted ASYM_CA_CONTENTS orTcTpmEkBlob.

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

idKeyAuth - HMAC key for the first authorization session.

ownerAuth - HMAC key for the second authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... The decrypted symmetric key. (TcTpmSymmetricKey)

Throws:

{@link - TcTssException}

TcTssException

TspExtend_Internal

public static TcTpmDigest TspExtend_Internal(TcContext context,
                                             long pcrNum,
                                             TcTpmDigest inDigest)
                                      throws TcTssException

This command causes the modification of a specific PCR register.

Parameters:

context - The context this call is associated with.

pcrNum - The PCR to be updated.

inDigest - The 160 bit value representing the event to be recorded.

Returns:

The PCR value after execution of the command.

Throws:

{@link - TcTssException}

TcTssException

TspPcrRead_Internal

public static TcTpmDigest TspPcrRead_Internal(TcContext context,
                                              long pcrIndex)
                                       throws TcTssException

This method provides a non-cryptographic reporting of the contents of a named PCR.

Parameters:

context - The context this call is associated with.

pcrIndex - Index of the PCR to be read

Returns:

The current contents of the named PCR

Throws:

{@link - TcTssException}

TcTssException

TspQuote_Internal

public static java.lang.Object[] TspQuote_Internal(TcContext context,
                                                   long keyHandle,
                                                   TcTpmNonce externalData,
                                                   TcTpmPcrSelection targetPCR,
                                                   TcTcsAuth inAuth1,
                                                   TcTpmSecret privAuth)
                                            throws TcTssException

This command provides cryptographic reporting of PCR values. A loaded key is required for operation. This command uses the key to sign a statement that names the current value of a chosen PCR and externally supplied data (which may be a nonce supplied by a challenger).

Parameters:

context - The context this call is associated with.

keyHandle - The keyHandle identifier of a loaded key that can sign the PCR values.

externalData - 160 bits of externally supplied data (typically a nonce provided by a server to prevent replay-attacks)

targetPCR - The indices of the PCRs that are to be reported.

inAuth1 - The data for the authorization session.

privAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... A structure containing the same indices as targetPCR, plus the corresponding current PCR values. (TcTpmPcrComposite)
• 2 ... The signed data blob. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspPcrReset_Internal

public static void TspPcrReset_Internal(TcContext context,
                                        TcTpmPcrSelection pcrSelection)
                                 throws TcTssException

This method resets a PCR register. Whether or not it succeeds may depend on the locality executing the command. PCRs can be defined in a platform specific specification to allow reset of certain PCRs only for certain localities. The one exception to this is PCR 15, which can always be reset in a 1.2 implementation (This is to allow software testing). This command will reset either ALL of the PCRs selected in pcrSelection or NONE of them.

Parameters:

context - The context this call is associated with.

pcrSelection - The PCR's to reset.

Throws:

{@link - TcTssException}

TcTssException

TspQuote2_Internal

public static java.lang.Object[] TspQuote2_Internal(TcContext context,
                                                    long keyHandle,
                                                    TcTpmNonce externalData,
                                                    TcTpmPcrSelection targetPCR,
                                                    boolean addVersion,
                                                    TcTcsAuth inAuth1,
                                                    TcTpmSecret privAuth)
                                             throws TcTssException

This command provides cryptographic reporting of PCR values. A loaded key is required for operation. This command uses the key to sign a statement that names the current value of a chosen PCR and externally supplied data (which may be a nonce supplied by a challenger).

Parameters:

context - The context this call is associated with.

keyHandle - The keyHandle identifier of a loaded key that can sign the PCR values.

externalData - 160 bits of externally supplied data (typically a nonce provided by a server to prevent replay-attacks)

targetPCR - The indices of the PCRs that are to be reported.

addVersion - When TRUE add TcTpmCapVersionInfoto the output

inAuth1 - The data for the authorization session.

privAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The value created and signed for the quote (TcTpmPcrInfoShort)
• 2 ... The version info (TcTpmCapVersionInfo)
• 3 ... The signed data blob. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspChangeAuth_Internal

public static java.lang.Object[] TspChangeAuth_Internal(TcContext context,
                                                        long parentHandle,
                                                        int protocolID,
                                                        TcTpmEncauth newAuth,
                                                        int entityType,
                                                        TcBlobData encData,
                                                        TcTcsAuth inAuth1,
                                                        TcTcsAuth inAuth2,
                                                        TcTpmSecret parentAuth,
                                                        TcTpmSecret entityAuth,
                                                        TcTpmSecret entityAuthVal)
                                                 throws TcTssException

This method allows the owner of an entity to change the authorization data for the entity.

Parameters:

context - The context this call is associated with.

parentHandle - Handle of the parent key to the entity.

protocolID - The protocol in use.

newAuth - The encrypted new AuthData for the entity.

entityType - The type of entity to be modified.

encData - The encrypted entity that is to be modified.

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

parentAuth - HMAC key for the first authorization session.

entityAuth - HMAC key for the second authorization session.

entityAuthVal - HMAC key for validating the output of the second authorization session. On 1.2 TPMs enityAuth and entityAuthVal typically are the same (namely the new secret of the entity). On 1.1 TPMs entityAuth is the new secret while entityAuthVal is the old secret of the entity.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... The modified, encrypted entity. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspChangeAuthOwner_Internal

public static TcTcsAuth TspChangeAuthOwner_Internal(TcContext context,
                                                    int protocolID,
                                                    TcTpmEncauth newAuth,
                                                    int entityType,
                                                    TcTcsAuth inAuth1,
                                                    TcTpmSecret ownerAuth)
                                             throws TcTssException

This method allows the owner of an entity to change the authorization data fro the TPM owner or the SRK.

Parameters:

context - The context this call is associated with.

protocolID - The protocol in use.

newAuth - The encrypted new AuthData for the entity

entityType - The type of entity to be modified

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspOIAP_Internal

public static TcTcsAuth TspOIAP_Internal(TcContext context)
                                  throws TcTssException

This method allows the creation of an authorization handle and the tracking of the handle by the TPM. THe TPM generates the handle and nonce.

Parameters:

context - The context this call is associated with.

Returns:

The newly generated authorization session data.

Throws:

{@link - TcTssException}

TcTssException

TspOSAP_Internal

public static java.lang.Object[] TspOSAP_Internal(TcContext context,
                                                  int entityType,
                                                  long entityValue,
                                                  TcTpmNonce nonceOddOSAP)
                                           throws TcTssException

This method creates the authorization handle, the shared secret and generates nonceEven and nonceEvenOSAP.

Parameters:

context - The context this call is associated with.

entityType - The type of entity in use.

entityValue - The selection value based on entityType, e.g. a keyHandle.

Returns:

The returned Object[] holds the following elements:

• 0 ... newly generated authorization session data (TcTpmAuth)
• 1 ... Nonce generated by TPM and associated with shared secret. (TcTpmNonce)

Throws:

{@link - TcTssException}

TcTssException

TspDSAP_Internal

public static java.lang.Object[] TspDSAP_Internal(TcContext context,
                                                  int entityType,
                                                  long keyHandle,
                                                  TcTpmNonce nonceOddDSAP,
                                                  TcBlobData entityValue)
                                           throws TcTssException

This method opens a delegated authorization session.

Parameters:

context - The context this call is associated with.

entityType - The type of delegation information to use

keyHandle - Key for which delegated authority corresponds, or 0 if delegated owner activity. Only relevant if entityValue equals TcTpmDelegateKeyBlob

entityValue - TcTpmDelegateKeyBlob or TcTpmDelegateOwnerBlob or index MUST not be empty If entityType is TPM_ET_DEL_ROW thenentityValue is a long

Returns:

The returned Object[] holds the following elements:

• 0 ... Handle that TPM creates that points to the authorization state. (Long)
• 1 ... Nonce generated by TPM and associated with session. (TcTpmNonce)
• 2 ... Nonce generated by TPM and associated with shared secret. (TcTpmNonce)

Throws:

{@link - TcTssException}

TcTssException

TspDelegateManage_Internal

public static java.lang.Object[] TspDelegateManage_Internal(TcContext context,
                                                            long familyID,
                                                            long opCode,
                                                            TcBlobData opData,
                                                            TcTcsAuth inAuth1,
                                                            TcTpmSecret ownerAuth)
                                                     throws TcTssException

This command is authorized either by the TPM owner or by physical presence. If no owner is installed, the command requires no privilege to execute. The command uses the opCode parameter with values:

• TPM_FAMILY_CREATE to create a new family
• TPM_FAMILY_INVALIDATE to invalidate an existing family
• TPM_FAMILY_ENABLE to enable/disable use of a family and all the rows that belong to that family
• TPM_FAMILY_ADMIN to lock or unlock a family against further modification. If a family is locked while there is no owner it cannot be unlocked until after ownership is established.

Parameters:

context - The context this call is associated with.

familyID - The familyID that is to be managed

opCode - Operation to be performed by this command.

opData - Data necessary to implement opCode

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Returned data (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspDelegateCreateKeyDelegation_Internal

public static java.lang.Object[] TspDelegateCreateKeyDelegation_Internal(TcContext context,
                                                                         long keyHandle,
                                                                         TcTpmDelegatePublic publicInfo,
                                                                         TcTpmEncauth delAuth,
                                                                         TcTcsAuth inAuth1,
                                                                         TcTpmSecret privAuth)
                                                                  throws TcTssException

This method is used to delegate the privilege to us a key by creating a blob that can be used TPM_DSAP. THese blob cannot be used as input data for loading owner delegation, because the internal TPM delegate table is used to store owner delegations only.

Parameters:

context - The context this call is associated with.

keyHandle - The keyHandle identifier of a loaded key.

publicInfo - The public information necessary to fill in the blob

delAuth - The encrypted new AuthData for the blob. The encryption key is the shared secret from the authorization session protocol.

inAuth1 - The data for the authorization session.

privAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The partially encrypted delegation information. (TcTpmDelegateKeyBlob)

Throws:

{@link - TcTssException}

TcTssException

TspDelegateCreateOwnerDelegation_Internal

public static java.lang.Object[] TspDelegateCreateOwnerDelegation_Internal(TcContext context,
                                                                           boolean increment,
                                                                           TcTpmDelegatePublic publicInfo,
                                                                           TcTpmEncauth delAuth,
                                                                           TcTcsAuth inAuth1,
                                                                           TcTpmSecret ownerAuth)
                                                                    throws TcTssException

This method is used to delegate owner privileges to use a set of command ordinals by creating a blob. This blob can in turn be used as input data for TPM_DSAP or DelegateLoadOwnerDelegation to provide proof of privilege. DelegateCreateKeyDelegation must be used to delegate privilege to use a key.

Parameters:

context - The context this call is associated with.

increment - Flag dictates whether verificationCount will be incremented

publicInfo - The public parameters for the blob

delAuth - The encrypted new AuthData for the blob. The encryption key is the shared secret from the OSAP protocol.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The partially encrypted delegation information. (TcTpmDelegateOwnerBlob)

Throws:

{@link - TcTssException}

TcTssException

TspDelegateLoadOwnerDelegation_Internal

public static TcTcsAuth TspDelegateLoadOwnerDelegation_Internal(TcContext context,
                                                                long index,
                                                                TcTpmDelegateOwnerBlob blob,
                                                                TcTcsAuth inAuth1,
                                                                TcTpmSecret ownerAuth)
                                                         throws TcTssException

This method is used to load an owner delegation blob into the TPM non-volatile delegation table. If an owner is installed the owner blob must be created with DelegateCreateOwnerDelegation. If an owner is not installed, the owner blob by be created outside the TPM and its TPM_DELEGATE_SENSITIVE component must be left un-encrypted.

Parameters:

context - The context this call is associated with.

index - The index of the delegate row to be written

blob - Delegation information, including encrypted portions as appropriate

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspDelegate_ReadTable_Internal

public static java.lang.Object[] TspDelegate_ReadTable_Internal(TcContext context)
                                                         throws TcTssException

This command is used to read from the TPM the public contents of the family and delegate tables that are stored on the TPM. Such data is required during external verification of tables. There are no restrictions on the execution of this command. Anyone can read this information regardless of the state of the PCRs, regardless of whether they know any specific authorization value and regardless whether or not the enable and administrator bits are set one way or the other.

Parameters:

context - The context this call is associated with.

Returns:

The returned Object[] holds the following elements:

• 0 ... Array of TcTpmFamilyTableEntry elements (TcBlobData)
• 1 ... Array of long and TcTpmDelegatePublic elements (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspDelegate_UpdateVerificationCount_Internal

public static java.lang.Object[] TspDelegate_UpdateVerificationCount_Internal(TcContext context,
                                                                              TcBlobData inputData,
                                                                              TcTcsAuth inAuth1,
                                                                              TcTpmSecret ownerAuth)
                                                                       throws TcTssException

This method sets the cerificationCount in an entity (a blob or a delegation row) to the current family value, in order that the delegations represented by that entity will continue to be accepted by the TPM.

Parameters:

context - The context this call is associated with.

inputData - TcTpmDelegateKeyBlob or TcTpmDelegateOwnerBlob or long

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... TcTpmDelegateKeyBlob or TcTpmDelegateOwnerBlob (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspDelegateVerifyDelegation_Internal

public static void TspDelegateVerifyDelegation_Internal(TcContext context,
                                                        TcBlobData delegation)
                                                 throws TcTssException

This method interprets a delegate blob and returns success or failure, depending on whether the blob is currently valid.

Parameters:

context - The context this call is associated with.

delegation - TcTpmDelegateKeyBlob or TcTpmDelegateOwnerBlob

Throws:

{@link - TcTssException}

TcTssException

TspNvDefineSpace_Internal

public static TcTcsAuth TspNvDefineSpace_Internal(TcContext context,
                                                  TcTpmNvDataPublic pubInfo,
                                                  TcTpmEncauth encAuth,
                                                  TcTcsAuth inAuth1,
                                                  TcTpmSecret ownerAuth)
                                           throws TcTssException

This command sets aside space in the TPM NVRAM and defines the access requirements necessary to read and write that space. If this function is called twice, the first time it will create the space and the second time delete it.

Parameters:

context - The context this call is associated with.

pubInfo - The public parameters of the NV area.

encAuth - The encrypted AuthData, only valid if the attributes require subsequent authorization.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspNvWriteValue_Internal

public static TcTcsAuth TspNvWriteValue_Internal(TcContext context,
                                                 long nvIndex,
                                                 long offset,
                                                 TcBlobData data,
                                                 TcTcsAuth inAuth1,
                                                 TcTpmSecret ownerAuth)
                                          throws TcTssException

This command writes the value to a defined area. The write can be TPM owner authorized or unauthorized and protected by other attributes and will work when no TPM owner is present.

Parameters:

context - The context this call is associated with.

nvIndex - The index of the area to set.

offset - The offset into the NV Area.

data - The data to set the area to.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspNvWriteValueAuth_Internal

public static TcTcsAuth TspNvWriteValueAuth_Internal(TcContext context,
                                                     long nvIndex,
                                                     long offset,
                                                     TcBlobData data,
                                                     TcTcsAuth inAuth1,
                                                     TcTpmSecret authValue)
                                              throws TcTssException

This command writes a previously defined area. The area must require authorization to write. This command is for using when authorization other than the owner authorization is to be used.

Parameters:

context - The context this call is associated with.

nvIndex - The index of the area to set

offset - The offset into the chunk

data - The data to set the area to

inAuth1 - The data for the authorization session.

authValue - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspNvReadValue_Internal

public static java.lang.Object[] TspNvReadValue_Internal(TcContext context,
                                                         long nvIndex,
                                                         long offset,
                                                         long dataSz,
                                                         TcTcsAuth inAuth1,
                                                         TcTpmSecret ownerAuth)
                                                  throws TcTssException

This method reads a value from the NV store. THis command uses optional owner authorization.

Parameters:

context - The context this call is associated with.

nvIndex - The index of the area to set

offset - The offset into the area

dataSz - The size of the data area

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The data to set the area to (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspNvReadValueAuth_Internal

public static java.lang.Object[] TspNvReadValueAuth_Internal(TcContext context,
                                                             long nvIndex,
                                                             long offset,
                                                             long dataSz,
                                                             TcTcsAuth inAuth1,
                                                             TcTpmSecret authHmac)
                                                      throws TcTssException

This method reads a value from the NV store. THis command uses optional owner authorization.

Parameters:

context - The context this call is associated with.

nvIndex - The index of the area to set

offset - The offset from the data area

dataSz - The size of the data area

inAuth1 - The data for the authorization session.

authHmac - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The data (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspReadCurrentTicks_Internal

public static TcTpmCurrentTicks TspReadCurrentTicks_Internal(TcContext context)
                                                      throws TcTssException

This method reads the current tick out of the TPM.

Parameters:

context - The context this call is associated with.

Returns:

The current time held in the TPM.

Throws:

{@link - TcTssException}

TcTssException

TspTickStampBlob_Internal

public static java.lang.Object[] TspTickStampBlob_Internal(TcContext context,
                                                           long keyHandle,
                                                           TcTpmNonce antiReplay,
                                                           TcTpmDigest digestToStamp,
                                                           TcTcsAuth inAuth1,
                                                           TcTpmSecret privAuth)
                                                    throws TcTssException

This method is similar to a time stamp: it associates a tick value with a blob, indicating that the blob existed at some point earlier than the time corresponding to the tick value.

Parameters:

context - The context this call is associated with.

keyHandle - The keyHandle identifier of a loaded key that can perform digital signatures.

antiReplay - Anti replay value added to signature

digestToStamp - The digest to perform the tick stamp on

inAuth1 - The data for the authorization session.

privAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The current time according to the TPM (TcTpmCurrentTicks)
• 2 ... The resulting digital signature. (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspEstablishTransport_Internal

public static java.lang.Object[] TspEstablishTransport_Internal(TcContext context,
                                                                long encHandle,
                                                                TcTpmTransportPublic transPublic,
                                                                TcBlobData secret,
                                                                TcTcsAuth inAuth1,
                                                                TcTpmSecret keyAuth)
                                                         throws TcTssException

Parameters:

context - The context this call is associated with.

encHandle - The handle to the key that encrypted the blob

transPublic - The public information describing the transport session

secret - The encrypted secret area

inAuth1 - The data for the authorization session.

keyAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The handle for the transport session (Long)
• 2 ... The locality that called this command (Long)
• 3 ... The current tick count (TcTpmCurrentTicks)
• 4 ... The even nonce in use for subsequent execute transport (TcTpmNonce)

Throws:

{@link - TcTssException}

TcTssException

TspExecuteTransport_Internal

public static java.lang.Object[] TspExecuteTransport_Internal(TcContext context,
                                                              TcBlobData wrappedCmd,
                                                              long transHandle,
                                                              TcTcsAuth inAuth1,
                                                              TcTpmSecret transAuth)
                                                       throws TcTssException

Parameters:

context - The context this call is associated with.

wrappedCmd - The wrapped command

transHandle - The transport session handle

inAuth1 - The data for the authorization session.

transAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The current ticks when the command was executed (Long)
• 2 ... The locality that called this command (Long)
• 3 ... The wrapped response (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspReleaseTransportSigned_Internal

public static java.lang.Object[] TspReleaseTransportSigned_Internal(TcContext context,
                                                                    long keyHandle,
                                                                    TcTpmNonce antiReplay,
                                                                    long transHandle,
                                                                    TcTcsAuth inAuth1,
                                                                    TcTcsAuth inAuth2,
                                                                    TcTpmSecret keyAuth,
                                                                    TcTpmSecret transAuth)
                                                             throws TcTssException

Parameters:

context - The context this call is associated with.

keyHandle - Handle of a loaded key that will perform the signing

antiReplay - Value provided by caller for anti-replay protection

transHandle - The transport session handle

inAuth1 - The data for the first authorization session.

inAuth2 - The data for the second authorization session.

keyAuth - HMAC key for the first authorization session.

transAuth - HMAC key for the second authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The outgoing authorization data for second session. (TcTpmAuth)
• 2 ... The locality that called this command (Long)
• 3 ... The current ticks when the command executed (TcTpmCurrentTicks)
• 4 ... The signature of the digest (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspCreateCounter_Internal

public static java.lang.Object[] TspCreateCounter_Internal(TcContext context,
                                                           TcTpmEncauth encAuth,
                                                           TcBlobData label,
                                                           TcTcsAuth inAuth1,
                                                           TcTpmSecret ownerAuth)
                                                    throws TcTssException

This method creates a new counter in the TPM. It does NOT select that counter. Counter creation assigns an authorization value to the counter and sets the counters original start value to be one more that the internal base counter. The label length has the be 4.

Parameters:

context - The context this call is associated with.

encAuth - The encrypted authorization data for the new counter

label - Label to associate with counter

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The handle for the counter (Long)
• 2 ... The starting counter value (TcTpmCounterValue)

Throws:

{@link - TcTssException}

TcTssException

TspIncrementCounter_Internal

public static java.lang.Object[] TspIncrementCounter_Internal(TcContext context,
                                                              long countID,
                                                              TcTcsAuth inAuth1,
                                                              TcTpmSecret counterAuth)
                                                       throws TcTssException

This method selects a counter if one has not yet been selected, and increments that counter register. If a counter has already been selected and it is different from the one requested, the increment counter will fail. To change the selected counter, the TPM must go through a startup cycle.

Parameters:

context - The context this call is associated with.

countID - The handle of a valid counter

inAuth1 - The data for the authorization session.

counterAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The counter value (TcTpmCounterValue)

Throws:

{@link - TcTssException}

TcTssException

TspReadCounter_Internal

public static TcTpmCounterValue TspReadCounter_Internal(TcContext context,
                                                        long countID)
                                                 throws TcTssException

This method reads the current value of a counter register.

Parameters:

context - The context this call is associated with.

countID - ID value of the counter

Returns:

The counter value

Throws:

{@link - TcTssException}

TcTssException

TspReleaseCounter_Internal

public static TcTcsAuth TspReleaseCounter_Internal(TcContext context,
                                                   long countID,
                                                   TcTcsAuth inAuth1,
                                                   TcTpmSecret counterAuth)
                                            throws TcTssException

This method releases a counter so that no reads or increments of the indicated counter will succeed. It invalidates all information regarding that counter, including the counter handle.

Parameters:

context - The context this call is associated with.

countID - ID value of the counter

inAuth1 - The data for the authorization session.

counterAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspReleaseCounterOwner_Internal

public static TcTcsAuth TspReleaseCounterOwner_Internal(TcContext context,
                                                        long countID,
                                                        TcTcsAuth inAuth1,
                                                        TcTpmSecret ownerAuth)
                                                 throws TcTssException

This method releases a counter so that no reads or increments of the indicated counter will succeed. It invalidates all information regarding that counter, including the counter handle. It differs from TspReleaseCounter_Internal in that it requires TPM owner authorization instead of authorization for the counter.

Parameters:

context - The context this call is associated with.

countID - ID value of the counter

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspDaaJoin_Internal

public static java.lang.Object[] TspDaaJoin_Internal(TcContext context,
                                                     long handle,
                                                     short stage,
                                                     TcBlobData inputData0,
                                                     TcBlobData inputData1,
                                                     TcTcsAuth inAuth1,
                                                     TcTpmSecret ownerAuth)
                                              throws TcTssException

This method executes a TPM DAA join command.

Parameters:

context - The context this call is associated with.

handle - Session handle

stage - Processing stage of join

inputData0 - Data to be used by this capability

inputData1 - Data to be used by this capability

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Data produced by this capability (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspDaaSign_Internal

public static java.lang.Object[] TspDaaSign_Internal(TcContext context,
                                                     long handle,
                                                     short stage,
                                                     TcBlobData inputData0,
                                                     TcBlobData inputData1,
                                                     TcTcsAuth inAuth1,
                                                     TcTpmSecret ownerAuth)
                                              throws TcTssException

This method executes a TPM DAA sign command.

Parameters:

context - The context this call is associated with.

handle - Handle to the sign session

stage - Stage of the sign process

inputData0 - Data to be used by this capability

inputData1 - Data to be used by this capability

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... Data produced by this capability (TcBlobData)

Throws:

{@link - TcTssException}

TcTssException

TspTerminateHandle_Internal

public static void TspTerminateHandle_Internal(TcContext context,
                                               long handle)
                                        throws TcTssException

This method allows the TPM driver to clear out information in an authorization handle. The TPM may maintain the authorization session even though a key attached to it has been unloaded or the authorization session itself has been unloaded in some way.

Parameters:

context - The context this call is associated with.

handle - The handle to terminate

Throws:

{@link - TcTssException}

TcTssException

TspDirWriteAuth_Internal

public static TcTcsAuth TspDirWriteAuth_Internal(TcContext context,
                                                 long dirIndex,
                                                 TcTpmDigest newContents,
                                                 TcTcsAuth inAuth1,
                                                 TcTpmSecret ownerAuth)
                                          throws TcTssException

Parameters:

context - The context this call is associated with.

dirIndex - Index of the DIR

newContents - New value to be stored in named DIR

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspDirRead_Internal

public static TcTpmDigest TspDirRead_Internal(TcContext context,
                                              long dirIndex)
                                       throws TcTssException

This method provides read access to the Data Integrity Registers.

Parameters:

context - The context this call is associated with.

dirIndex - Index of the DIR to be read

Returns:

The current contents of the named DIR

Throws:

{@link - TcTssException}

TcTssException

TspChangeAuthAsymStart_Internal

public static java.lang.Object[] TspChangeAuthAsymStart_Internal(TcContext context,
                                                                 long idHandle,
                                                                 TcTpmNonce antiReplay,
                                                                 TcTpmKeyParms tempKey,
                                                                 TcTcsAuth inAuth1,
                                                                 TcTpmSecret idAuth)
                                                          throws TcTssException

This method starts the process of changing authorization for an entity. It sets the OIAP session that must be retained for use by its twin TcsipChangeAuthAsymFinish command.

Parameters:

context - The context this call is associated with.

idHandle - The keyHandle identifier of a loaded identity ID key

antiReplay - The nonce to be inserted into the certifyInfo structure

tempKey - Structure contains all parameters of ephemeral key.

inAuth1 - The data for the authorization session.

idAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The certifyInfo structure that is to be signed. (TcTpmCertifyInfo)
• 2 ... The signature of the certifyInfo parameter. (TcBlobData)
• 3 ... The keyHandle identifier to be used by ChangeAuthAsymFinish for the ephemeral key (Long)
• 4 ... Structure containing all parameters and public part of ephemeral key. TcTpmKey.encSize is set to 0. (TcTpmKey)

Throws:

{@link - TcTssException}

TcTssException

TspChangeAuthAsymFinish_Internal

public static java.lang.Object[] TspChangeAuthAsymFinish_Internal(TcContext context,
                                                                  long parentHandle,
                                                                  long ephHandle,
                                                                  int entityType,
                                                                  TcTpmDigest newAuthLink,
                                                                  TcBlobData encNewAuth,
                                                                  TcBlobData encData,
                                                                  TcTcsAuth inAuth1,
                                                                  TcTpmSecret privAuth)
                                                           throws TcTssException

This method completes the process of changing authorization for an entity.

Parameters:

context - The context this call is associated with.

parentHandle - The keyHandle of the parent key for the input data.

ephHandle - The keyHandle identifier for the ephemeral key.

entityType - The type of entity to be modified.

newAuthLink - HMAC calculation that links the old and new AuthData values together.

encNewAuth - New AuthData encrypted with ephemeral key.

encData - The encrypted entity that is to be modified.

inAuth1 - The data for the authorization session.

privAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The modified, encrypted entity. (TcBlobData)
• 2 ... A nonce value from the TPM RNG to add entropy to the changeProof value (TcTpmNonce)
• 3 ... Proof that AuthData has changed. (TcTpmDigest)

Throws:

{@link - TcTssException}

TcTssException

TspOwnerReadPubek_Internal

public static java.lang.Object[] TspOwnerReadPubek_Internal(TcContext context,
                                                            TcTcsAuth inAuth1,
                                                            TcTpmSecret ownerAuth)
                                                     throws TcTssException

This method allows the TPM owner to read the public endorsement key.

Parameters:

context - The context this call is associated with.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The returned Object[] holds the following elements:

• 0 ... The outgoing authorization data for first session. (TcTpmAuth)
• 1 ... The public endorsement key (TcTpmPubkey)

Throws:

{@link - TcTssException}

TcTssException

TspDisablePubekRead_Internal

public static TcTcsAuth TspDisablePubekRead_Internal(TcContext context,
                                                     TcTcsAuth inAuth1,
                                                     TcTpmSecret ownerAuth)
                                              throws TcTssException

This method returns the public portion of the endorsement key.

Parameters:

context - The context this call is associated with.

inAuth1 - The data for the authorization session.

ownerAuth - HMAC key for the authorization session.

Returns:

The outgoing authorization data for first session.

Throws:

{@link - TcTssException}

TcTssException

TspSHA1Start_Internal

public static java.lang.Long TspSHA1Start_Internal(TcContext context)
                                            throws TcTssException

Parameters:

context - The context this call is associated with.

Returns:

Maximum number of bytes that can be sent to TPM_SHA1Update. Must be a multiple of 64 bytes.

Throws:

{@link - TcTssException}

TcTssException

TspSHA1Update_Internal

public static void TspSHA1Update_Internal(TcContext context,
                                          long numBytes,
                                          TcBlobData hashData)
                                   throws TcTssException

Parameters:

context - The context this call is associated with.

numBytes - The number of bytes in hashData. Must be a multiple of 64 bytes.

hashData - Bytes to be hashed

Throws:

{@link - TcTssException}

TcTssException

TspSHA1Complete_Internal

public static TcTpmDigest TspSHA1Complete_Internal(TcContext context,
                                                   TcBlobData hashData)
                                            throws TcTssException

Parameters:

context - The context this call is associated with.

hashData - Final bytes to be hashed

Returns:

The output of the SHA-1 hash.

Throws:

{@link - TcTssException}

TcTssException

TspSHA1CompleteExtend_Internal

public static java.lang.Object[] TspSHA1CompleteExtend_Internal(TcContext context,
                                                                long pcrNum,
                                                                TcBlobData hashData)
                                                         throws TcTssException

Parameters:

context - The context this call is associated with.

pcrNum - Index of the PCR to be modified

hashData - Final bytes to be hashed

Returns:

The returned Object[] holds the following elements:

• 0 ... The output of the SHA-1 hash. (TcTpmDigest)
• 1 ... The PCR value after execution of the command. (TcTpmDigest)

Throws:

{@link - TcTssException}

TcTssException

TspIfxReadTpm11Ek

public static TcBlobData TspIfxReadTpm11Ek(TcContext context)
                                    throws TcTssException

This method reads the EK certificate embedded in 1.1b Infineon chips. The certificate is not read in one piece but it is split into several parts which have to be read one by one and then put together. Note that this functionality is vendor specific for Infineon 1.1b TPMs!

Parameters:

context - The context this call is associated with.

Returns:

Binary blob containing the EK certificate read from the TPM.

Throws:

TcTssException