iaik.tc.tss.api.tspi
Interface TcIPolicy

All Superinterfaces:
TcIAttributes, TcIWorkingObject

public interface TcIPolicy
extends TcIWorkingObject, TcIAttributes

The Policy class represents authorization data (secrets), the handling of that authorization data, and the assigned authorized objects such as key objects or encrypted data objects.
Secret Lifetime: If an application uses the mode TSS_SECRET_LIFETIME_COUNTER or TSS_SECRET_LIFETIME_TIMER, it has to be aware that the secret may be invalidated during command processing because of a timeout or because the counter runs out.
TSPI Default Policy: Each context has its own default policy object that is automatically assigned to a new key or encrypted data object after its creation. If this policy object is not appropriate, a different policy object can be assigned with assignToObject(TcIAuthObject). When a working object is added to a policy, the reference to the working object is added to the list of assigned objects stored in that policy object and the reference to the policy object is stored on the working object.

TSS Spec. 1.2 Errata A, page number:
221

Method Summary
 void assignToObject(TcIAuthObject obj)
          This method assigns an object (working object) such as a TPM object, key object, or encrypted data object to a certain policy.
 void flushSecret()
          This method flushes a cached secret.
 void setSecret(long secretMode, TcBlobData secret)
          This method sets the authorization data of a policy object and defines the handling of its retrieval.
 
Methods inherited from interface TcIAttributes
getAttribData, getAttribUint32, setAttribData, setAttribUint32
 

Method Detail

setSecret

void setSecret(long secretMode,
               TcBlobData secret)
               throws TcTssException
This method sets the authorization data of a policy object and defines the handling of its retrieval.

Parameters:
secretMode - Flag indicating the policy secret mode to set. Secret mode values are prefixed with TSS_SECRET_MODE_ and are defined in TcTssConstants.
Valid secretModes are:
Note that there is another secret mode (TcTssConstants.TSS_SECRET_MODE_CALLBACK). To actually use the callback functionality to obtain the secret, the setAttribData method has to be used to set the callback. If this is done, the setSecret method must not be called.
secret - The secret data blob.
Throws:
TcTssException
TSS Spec. 1.2 Errata A, page number:
233
TSS Spec. 1.10 Golden, Aug. 20, 2003, page number:
101

flushSecret

void flushSecret()
                 throws TcTssException
This method flushes a cached secret.

Throws:
TcTssException
TSS Spec. 1.2 Errata A, page number:
235
TSS Spec. 1.10 Golden, Aug. 20, 2003, page number:
102

assignToObject

void assignToObject(TcIAuthObject obj)
                    throws TcTssException
This method assigns an object (working object) such as a TPM object, key object, or encrypted data object to a certain policy. Each of these working objects will use its assigned policy object to process an authorized TPM command. Note that two different policies can be assigned to a working object: a usage policy and a migration policy. The type of a policy object is determined when the policy object is created, or later using TcIAttributes.setAttribData(long, long, TcBlobData).

Parameters:
obj - The object to be assigned.
Throws:
TcTssException
TSS Spec. 1.2 Errata A, page number:
236
TSS Spec. 1.10 Golden, Aug. 20, 2003, page number:
103
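
Added example, not part of the jTSS documentation: one way to scope a policy secret to a single authorized operation using setSecret, assignToObject and flushSecret as described above. TcIContext.createPolicyObject, TcTssConstants.TSS_POLICY_USAGE, TcTssConstants.TSS_SECRET_MODE_PLAIN, TcBlobData.newByteArray and the import package names are assumed from the jTSS API and do not appear on this page; ScopedPolicySecret and AuthorizedOp are hypothetical names.

```java
import iaik.tc.tss.api.constants.tsp.TcTssConstants;
import iaik.tc.tss.api.exceptions.common.TcTssException;
import iaik.tc.tss.api.structs.common.TcBlobData;
import iaik.tc.tss.api.tspi.TcIAuthObject;
import iaik.tc.tss.api.tspi.TcIContext;
import iaik.tc.tss.api.tspi.TcIPolicy;
import java.util.Arrays;

public final class ScopedPolicySecret {
    /** Hypothetical callback: the authorized TPM command(s) to run on the object. */
    public interface AuthorizedOp {
        void run() throws TcTssException;
    }

    /** Sets the secret, runs op, then always flushes the cached secret. */
    public static void withSecret(TcIContext context, TcIAuthObject obj,
                                  byte[] secret, AuthorizedOp op)
            throws TcTssException {
        // Assumed API: create a dedicated usage policy instead of touching
        // the context's default policy, which other objects may share.
        TcIPolicy policy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
        TcTssException failure = null;
        try {
            // PLAIN mode (TSS spec): the TSP hashes the supplied bytes itself.
            policy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN,
                             TcBlobData.newByteArray(secret));
            policy.assignToObject(obj);   // obj now authorizes through this policy
            op.run();
        } catch (TcTssException e) {
            failure = e;                  // remember it so a flush error cannot mask it
            throw e;
        } finally {
            try {
                policy.flushSecret();     // drop the secret cached in the policy
            } catch (TcTssException e) {
                if (failure == null) {
                    throw e;
                }
                failure.addSuppressed(e);
            } finally {
                // Wipe the caller's copy only after use, since it is not
                // assumed here whether TcBlobData copies or wraps the array.
                Arrays.fill(secret, (byte) 0);
            }
        }
    }
}
```

After withSecret returns, the policy stays assigned to the object but holds no secret, so a later authorized command on that object needs setSecret to be called again.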