de.datenzone.tpm4java
Interface TssLowlevel

All Known Implementing Classes:
TSSCoreService

public interface TssLowlevel

A low-level interface to a TPM chip. When you are going to do some more difficult things, you should prefer this over TssHighLevel.

Author:
Erik Tews

Nested Class Summary
static interface TssLowlevel.AlgorithmId
          IDs for all algorithms used by the TPM.
static interface TssLowlevel.Capabilities
          Constants for GetCapability.
static interface TssLowlevel.CommandTag
          The used command tags.
static interface TssLowlevel.EncScheme
          The used encryption schemes
static interface TssLowlevel.EntityType
          All entity types the TPM knows.
static interface TssLowlevel.KeyHandle
          Key handles for the TPM's keystore.
static interface TssLowlevel.MigrateScheme
          The possible migration schemes
static interface TssLowlevel.ProtocolId
          the protocols the TPM uses.
static interface TssLowlevel.ResourceType
          The resource types defined by the TPM.
static interface TssLowlevel.SigScheme
          The supported signature schemes
static interface TssLowlevel.StartupType
          The startup types define the way the TPM starts.
 
Field Summary
static java.nio.ByteOrder TPM_BYTE_ORDER
          The TPM uses BIG_ENDIAN byte order.
static int TPM_HASHSIZE
          As a consequence of using SHA1, all hashes are 20 bytes long
static int VERSION11
           
static int VERSION12
           
 
Method Summary
 byte[] GetNounce()
           
 byte[] GetRandomBytes(int size)
          get some random data (from a normal Random, not from the TPM)
 boolean isCheckReply()
           
 boolean isDebug()
           
 void setCheckReply(boolean checkReply)
          Turn reply verification (HMAC, hash) on or off
 void setDebug(boolean debug)
          If set to true, all binary commands and answers will be printed to System.err
 TPMSymmetricKey TPM_ActivateIdentity(int key, byte[] blob, byte[] ownerPass, TPMOSAPSession keySession)
          activate an Identity Attestation Key with some data from some privacy CA
 TPMMigrationKeyAuth TPM_AuthorizeMigrationKey(TPMPubKeyWrapper pubKey, short migrationScheme, TPMOSAPSession session)
          create a Migration Key Auth - this is what you need if you want to migrate a key
 TPMCertifyInfo TPM_CertifyKey(int certKey, int keyToCertify, byte[] nounce, TPMOSAPSession certSession, TPMOSAPSession keySession)
          sign one key's public key with another key
 byte[] TPM_ChangeAuth(TPMOSAPSession sessionParent, int parentKeyHandle, byte[] currentAuth, byte[] newAuth, short entityType, byte[] data)
          Change the password for an entity
 void TPM_ChangeAuthOwner(TPMOSAPSession session, short entityType, byte[] newAuth)
          Change an entity's password with owner power
 void TPM_ContinueSelfTest()
          Ensure that all self tests are run
 byte[] TPM_ConvertMigrationBlob(int parentKeyHandle, byte[] migrationBlob, TPMOSAPSession session)
          read a migration blob into the new TPM
 int TPM_CreateCounter(byte[] newCounterPass, byte[] label, TPMOSAPSession session)
          create a new monotonic counter (1.2 only)
 byte[] TPM_CreateMigrationBlob(int parentKeyHandle, short migrationScheme, TPMMigrationKeyAuth mka, byte[] encryptedEntity, TPMOSAPSession parentKeySession, byte[] entityMigrationPass)
          create a migration blob - you can use TPM_ConvertMigrationBlob later to re-import the blob on another TPM
 TPMKeyWrapper TPM_CreateWrapKey(int parentKeyID, byte[] parentKeyPass, byte[] newKeyPass, byte[] migrationPass, TPMKeyWrapper template)
          Create a new key for use inside the TPM
 byte[] TPM_DirRead(int dirIndex)
          read the contents of the given Data Integrity Register
 void TPM_DirWriteAuth(int dirIndex, byte[] newContents, TPMOSAPSession session)
          Write to a given Data Integrity Register
 void TPM_DisableForceClear()
          disable ForceClear until the next startup of the TPM
 void TPM_DisableOwnerClear(byte[] ownerAuth)
          Disable the possibility to clear the owner.
 void TPM_DisablePubekRead(byte[] ownerAuth)
          disable ReadPubek
 TPMTransportSession TPM_EstablishTransport(int key, TPMTransportPublic transportPublic, byte[] encryptedSecret, TPMOSAPSession session)
          These commands have not been tested, because the 1.2 TPM emulator oopses when I try...
 void TPM_EvictKey(int handle)
          unload the key given by handle. this function is deprecated in 1.2, use flush_specific instead!
 byte[] TPM_ExecuteTransport(byte[] wrappedCmd, TPMTransportSession session)
           
 byte[] TPM_Extend(int regnum, byte[] newValue)
          Extend one PCR - PCR[x] = SHA1(PCR[x] || newValue)
 void TPM_FlushSpecific(int handle, int resourceType)
          TPM 1.2 command, terminate the given handle of the resourceType (see TSSCoreService.ResourceType)
 void TPM_ForceClear()
          clear the owner using physical presence as authorization
 int[] TPM_GetCapability_Key_Handle()
          GetCapability for TPM_CAP_KEY_HANDLE
 int TPM_GetCapability_Pcrs()
          GetCapability for TPM_CAP_PROP_PCR
 int TPM_GetCapability_Slots()
          GetCapability for TPM_CAP_PROP_KEYS
 int TPM_GetCapability_Version()
          GetCapability for TPM_CAP_VERSION
 byte[] TPM_GetCapability(int capArea, byte[] stuff)
          return some information about the TPM. for capArea, please see TssLowlevel.Capabilities
 TPMPubKeyWrapper TPM_GetPubKey(int keyHandle, byte[] keyPass)
          Get the public key part of a key inside the TPM
 byte[] TPM_GetRandom(int num_bytes)
          get some random bytes from the TPM
 byte[] TPM_GetTestResult()
          Retrieve the results of the self tests (even in failure mode)
 java.math.BigInteger TPM_GetTicks()
          Get the tick count from the TPM. this does not need to be more than a monotonic counter
 java.math.BigInteger TPM_IncrementCounter(int counterID, TPMOSAPSession session)
          increment a monotonic counter
 int TPM_LoadKey(int parentKeyID, TPMKeyWrapper key, TPMOSAPSession session)
          Load a key (aka encrypted blob) inside the TPM to do something useful with it
 TSSIdentityInfo TPM_MakeIdentity(byte[] newKeyPass, byte[] srkPass, byte[] caDigest, TPMKeyWrapper template, TPMOSAPSession ownerSession)
          create an Identity Attestation Key
 TPMOIAPSession TPM_OIAP()
          Open an OIAP (Object Independent) session - needed to authorize some commands
 TPMOSAPSession TPM_OSAP(short entityType, int entityValue)
          Open an OSAP (Object Specific) session to authorize the use of special entities.
 void TPM_OwnerClear(byte[] ownerAuth)
          Clears the TPM (remove SRK and other keys)
 TPMPubKeyWrapper TPM_OwnerReadInternalPub(int key, byte[] ownerAuth)
          use owner authorization to read a key's public part
 void TPM_PCR_Reset(PCRSelection pcr)
          reset a selection of PCRs using locality authorization
 byte[] TPM_PCRRead(int regnum)
          Read the value of the given PCR
 void TPM_PhysicalDisable()
          disable the TPM using physical presence as authorization
 void TPM_PhysicalEnable()
          enable the TPM using physical presence as authorization.
 byte[] TPM_Quote(int key, PCRSelection pcrSel, byte[] nounce, TPMOSAPSession session)
          Certify the current state of the system
 java.math.BigInteger TPM_ReadCounter(int counterID)
          read the current value of a counter
 TPMPubKeyWrapper TPM_ReadPubek()
          Read the public part of the endorsement key
 void TPM_ReleaseCounter(int counterID, TPMOSAPSession session)
          release a counter
 void TPM_ReleaseCounterOwner(int counterID, TPMOSAPSession session)
          release a counter with owner authorization
 boolean TPM_Reset()
          Reset the TPM (clear open session etc., this does not delete any keys)
 void TPM_SaveState()
          This warns a TPM to save some state information.
 byte[] TPM_Seal(int key, byte[] dataAuth, byte[] data, byte[] tpm_pcr_info, TPMOSAPSession session)
          Seal data - this way, the data can only be decrypted when the PCRs have the specified values
 boolean TPM_SelfTestFull()
          run a self test
 byte[] TPM_SHA1Complete(byte[] data)
          complete hash calculation
 byte[] TPM_SHA1CompleteExtend(int regnum, byte[] data)
          complete hash calculation, extend the given PCR with the result
 int TPM_SHA1Start()
          start a SHA1 computation inside the TPM
 void TPM_SHA1Update(byte[] data)
          copy data to the TPM for hash computation
 byte[] TPM_Sign(int key, byte[] data, TPMOSAPSession session)
          Sign data using a key inside the TPM
 void TPM_Startup(short startupType)
          this happens automatically when starting the TPM, this is here only for completeness
 void TPM_StirRandom(byte[] data)
          put some entropy into the TPM
 TPMKeyWrapper TPM_TakeOwnership(byte[] ownerPass, byte[] srkPass)
          Take Ownership of the TPM - this will create an SRK and set the most important passwords
 void TPM_Terminate_Handle(int handle)
          close a session handle - this is deprecated in 1.2, use FlushSpecific instead
 void TPM_Terminate_Handle(TPMSession s)
          close a session - this is deprecated in 1.2, use FlushSpecific instead
 TPMSignedData TPM_TickStampBlob(int key, byte[] antiReplay, byte[] digest, TPMOSAPSession session)
          timestamp a given digest with a given key
 byte[] TPM_Unbind(int key, byte[] data, TPMOSAPSession session)
          Unbind - just decrypt data which was encrypted with a public key belonging to a TPM key
 byte[] TPM_Unseal(int key, byte[] sealedAuth, byte[] sealedData, TPMOSAPSession session)
          Unseal - decrypt the sealed data (the PCRs must match the one specified when sealing)
 byte[] TSS_Bind(TPMPubKeyWrapper key, byte[] data)
          encrypt data for a given public key - the data can be decrypted using TPM_Unbind
 TCPAIdentityRequest TSS_CollateIdentityRequest(TCPAIdentityProof proof, byte[] chosenId, TPMKeyParms symParms, TPMPubKeyWrapper caPubKey)
          Combine a lot of stuff to build an Identity Request to be sent to a Privacy CA
 byte[] TSS_RSA_Decrypt(java.security.PrivateKey key, byte[] encrypted)
          Decrypt some data encrypted to a PublicKey with TSS_RSA_Encrypt
 byte[] TSS_RSA_Encrypt(java.security.PublicKey key, byte[] unencrypted)
          encrypt some binary data to a public RSA key with all that TPM-specific pudding
 

Field Detail

TPM_BYTE_ORDER

static final java.nio.ByteOrder TPM_BYTE_ORDER
The TPM uses BIG_ENDIAN byte order.


TPM_HASHSIZE

static final int TPM_HASHSIZE
As a consequence of using SHA1, all hashes are 20 bytes long

See Also:
Constant Field Values

VERSION11

static final int VERSION11
See Also:
Constant Field Values

VERSION12

static final int VERSION12
See Also:
Constant Field Values
Method Detail

isDebug

boolean isDebug()

setDebug

void setDebug(boolean debug)
If set to true, all binary commands and answers will be printed to System.err

Parameters:
debug -

TPM_OIAP

TPMOIAPSession TPM_OIAP()
                        throws java.io.IOException,
                               TPMException
Open an OIAP (Object Independent) session - needed to authorize some commands

Returns:
the OIAP session
Throws:
java.io.IOException
TPMException

TPM_OSAP

TPMOSAPSession TPM_OSAP(short entityType,
                        int entityValue)
                        throws java.io.IOException,
                               TPMException,
                               java.security.InvalidKeyException,
                               java.security.NoSuchAlgorithmException
Open an OSAP (Object Specific) session to authorize the use of special entities. Don't forget to set the key for this entity using session.setSecretKey()

Parameters:
entityType - should be one of TSSCoreService.EntityType (like keyhandle or owner)
entityValue - the actual entity you want to access (eg. keyhandle id)
Returns:
the OSAP session
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException

TPM_ChangeAuth

byte[] TPM_ChangeAuth(TPMOSAPSession sessionParent,
                      int parentKeyHandle,
                      byte[] currentAuth,
                      byte[] newAuth,
                      short entityType,
                      byte[] data)
                      throws java.security.NoSuchAlgorithmException,
                             TSSException,
                             java.io.IOException,
                             TPMException,
                             java.security.InvalidKeyException
Change the password for an entity

Parameters:
sessionParent - the OSAP session which authorizes the parent, so that the secret data of the entity we want to change can be decrypted
parentKeyHandle - the handle of the parent key
currentAuth - the current password
newAuth - the new password
entityType - should be one of TSSCoreService.EntityType (like keyhandle or owner)
data - the encrypted blob we want to change
Returns:
Throws:
java.security.NoSuchAlgorithmException
TSSException
java.io.IOException
TPMException
java.security.InvalidKeyException

TPM_TakeOwnership

TPMKeyWrapper TPM_TakeOwnership(byte[] ownerPass,
                                byte[] srkPass)
                                throws java.security.NoSuchAlgorithmException,
                                       java.io.IOException,
                                       TPMException,
                                       TSSException,
                                       java.security.InvalidKeyException,
                                       javax.crypto.NoSuchPaddingException,
                                       java.security.InvalidAlgorithmParameterException,
                                       java.security.spec.InvalidKeySpecException,
                                       javax.crypto.IllegalBlockSizeException,
                                       javax.crypto.BadPaddingException
Take Ownership of the TPM - this will create an SRK and set the most important passwords

Parameters:
ownerPass - the new owner password
srkPass - the new srk password
Returns:
the new SRK public key
Throws:
java.security.NoSuchAlgorithmException
java.io.IOException
TPMException
TSSException
java.security.InvalidKeyException
javax.crypto.NoSuchPaddingException
java.security.InvalidAlgorithmParameterException
java.security.spec.InvalidKeySpecException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException

TPM_ChangeAuthOwner

void TPM_ChangeAuthOwner(TPMOSAPSession session,
                         short entityType,
                         byte[] newAuth)
                         throws java.security.NoSuchAlgorithmException,
                                TSSException,
                                java.io.IOException,
                                TPMException,
                                java.security.InvalidKeyException
Change an entity's password with owner power

Parameters:
session - authorized owner access
entityType - SRK or Owner
newAuth - new password
Throws:
java.security.NoSuchAlgorithmException
TSSException
java.io.IOException
TPMException
java.security.InvalidKeyException

TPM_Extend

byte[] TPM_Extend(int regnum,
                  byte[] newValue)
                  throws java.io.IOException,
                         TSSException,
                         TPMException
Extend one PCR - PCR[x] = SHA1(PCR[x] || newValue)

Parameters:
regnum - the register to extend
newValue - the new value
Returns:
the new value of the extended PCR
Throws:
java.io.IOException
TSSException
TPMException
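
The extend rule above, PCR[x] = SHA1(PCR[x] || newValue), modelled in software as an added example (not tpm4java code): it replays a measurement log to the value a verifier should expect TPM_PCRRead to return. The class name, the component names and the all-zero reset value are assumptions of this example; no TPM is contacted.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;

/**
 * Added example, not part of tpm4java: software model of the extend rule
 * PCR[x] = SHA1(PCR[x] || newValue), used to replay a measurement log.
 */
public class PcrReplay {

    /** Same meaning as TssLowlevel.TPM_HASHSIZE: SHA-1 digests are 20 bytes. */
    static final int HASH_SIZE = 20;

    /** SHA-1 over the concatenation of all parts. */
    static byte[] sha1(byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) {
            md.update(p);
        }
        return md.digest();
    }

    /** One extend step; both inputs must be exactly 20 bytes. */
    static byte[] extend(byte[] pcr, byte[] newValue) throws NoSuchAlgorithmException {
        if (pcr.length != HASH_SIZE || newValue.length != HASH_SIZE) {
            throw new IllegalArgumentException("PCR and newValue must be 20 bytes each");
        }
        return sha1(pcr, newValue);
    }

    /**
     * Replay a whole log. Assumption: the register starts at 20 zero bytes,
     * as a static PCR does after startup.
     */
    static byte[] replay(List<byte[]> log) throws NoSuchAlgorithmException {
        byte[] pcr = new byte[HASH_SIZE];
        for (byte[] measurement : log) {
            pcr = extend(pcr, measurement);
        }
        return pcr;
    }

    /** Compare a reported PCR value with the replayed log in constant time. */
    static boolean matches(byte[] reported, List<byte[]> log) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(reported, replay(log));
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) {
            sb.append(String.format("%02x", x));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample measurements: digests of made-up component names.
        byte[] loader = sha1("bootloader-v1".getBytes(StandardCharsets.UTF_8));
        byte[] kernel = sha1("kernel-v1".getBytes(StandardCharsets.UTF_8));
        byte[] initrd = sha1("initrd-v1".getBytes(StandardCharsets.UTF_8));
        byte[] patchedKernel = sha1("kernel-v1-modified".getBytes(StandardCharsets.UTF_8));

        List<byte[]> expectedLog = Arrays.asList(loader, kernel, initrd);

        // On real hardware this value would be what TPM_PCRRead(regnum) returns.
        byte[] reportedGood = replay(Arrays.asList(loader, kernel, initrd));
        byte[] reportedTampered = replay(Arrays.asList(loader, patchedKernel, initrd));
        byte[] reportedReordered = replay(Arrays.asList(kernel, loader, initrd));

        System.out.println("expected PCR : " + hex(replay(expectedLog)));
        System.out.println("good boot    : " + matches(reportedGood, expectedLog));
        // A single changed measurement changes every later PCR value.
        System.out.println("tampered boot: " + matches(reportedTampered, expectedLog));
        // Extend is order-sensitive: the same components in another order do not match.
        System.out.println("reordered    : " + matches(reportedReordered, expectedLog));
    }
}
```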

TPM_PCRRead

byte[] TPM_PCRRead(int regnum)
                   throws java.io.IOException,
                          TPMException
Read the value of the given PCR

Parameters:
regnum -
Returns:
the PCR's value
Throws:
java.io.IOException
TPMException

TPM_Quote

byte[] TPM_Quote(int key,
                 PCRSelection pcrSel,
                 byte[] nounce,
                 TPMOSAPSession session)
                 throws java.security.InvalidKeyException,
                        java.security.NoSuchAlgorithmException,
                        java.io.IOException,
                        TPMException,
                        TSSException
Certify the current state of the system

Parameters:
key - the key to use for signing
pcrSel - the PCRs to sign
nounce - a nonce to prevent replay attacks
session - the authorization session for the used key
Returns:
a Quote signature
Throws:
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
java.io.IOException
TPMException
TSSException

TPM_Seal

byte[] TPM_Seal(int key,
                byte[] dataAuth,
                byte[] data,
                byte[] tpm_pcr_info,
                TPMOSAPSession session)
                throws java.security.InvalidKeyException,
                       java.security.NoSuchAlgorithmException,
                       java.io.IOException,
                       TPMException,
                       TSSException
Seal data - this way, the data can only be decrypted when the PCRs have the specified values

Parameters:
key - the key used for encryption
dataAuth - password for sealing
data - the actual data to be sealed
tpm_pcr_info - the pcr selection
session - the authorization session for the used key
Returns:
the sealed blob
Throws:
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
java.io.IOException
TPMException
TSSException

TPM_Unseal

byte[] TPM_Unseal(int key,
                  byte[] sealedAuth,
                  byte[] sealedData,
                  TPMOSAPSession session)
                  throws java.security.InvalidKeyException,
                         java.security.NoSuchAlgorithmException,
                         java.io.IOException,
                         TPMException,
                         TSSException
Unseal - decrypt the sealed data (the PCRs must match the one specified when sealing)

Parameters:
key - the key used to seal the data
sealedAuth - the password for sealing
sealedData - the actual encrypted (sealed) data
session - the authorization session for the used key
Returns:
the unsealed data
Throws:
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
java.io.IOException
TPMException
TSSException

TPM_DirWriteAuth

void TPM_DirWriteAuth(int dirIndex,
                      byte[] newContents,
                      TPMOSAPSession session)
                      throws java.security.NoSuchAlgorithmException,
                             TSSException,
                             java.io.IOException,
                             TPMException,
                             java.security.InvalidKeyException
Write to a given Data Integrity Register

Parameters:
dirIndex - index of the DIR to write to
newContents - new contents (exactly 20 bytes)
session - owner authorized session
Throws:
java.security.NoSuchAlgorithmException
TSSException
java.io.IOException
TPMException
java.security.InvalidKeyException

TPM_DirRead

byte[] TPM_DirRead(int dirIndex)
                   throws java.security.NoSuchAlgorithmException,
                          TSSException,
                          java.io.IOException,
                          TPMException,
                          java.security.InvalidKeyException
read the contents of the given Data Integrity Register

Parameters:
dirIndex -
Returns:
the value of the DIR
Throws:
java.security.NoSuchAlgorithmException
TSSException
java.io.IOException
TPMException
java.security.InvalidKeyException

TPM_Unbind

byte[] TPM_Unbind(int key,
                  byte[] data,
                  TPMOSAPSession session)
                  throws java.io.IOException,
                         TPMException,
                         java.security.InvalidKeyException,
                         java.security.NoSuchAlgorithmException,
                         TSSException
Unbind - just decrypt data which was encrypted with a public key belonging to a TPM key

Parameters:
key - the key to use for decryption
data - the encrypted data
session - the authorization session for the used key
Returns:
the decrypted data
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_CreateWrapKey

TPMKeyWrapper TPM_CreateWrapKey(int parentKeyID,
                                byte[] parentKeyPass,
                                byte[] newKeyPass,
                                byte[] migrationPass,
                                TPMKeyWrapper template)
                                throws java.io.IOException,
                                       TPMException,
                                       java.security.InvalidKeyException,
                                       java.security.NoSuchAlgorithmException,
                                       TSSException
Create a new key for use inside the TPM

Parameters:
parentKeyID - the key id of the parent (if you don't have parents, use TSSCoreService.KeyHandle.TPM_KH_SRK)
parentKeyPass - the password to use the parent (no OSAP here, right)
newKeyPass - the password for the new key (if any)
migrationPass - if you want the key to be migratable, you need to specify a migration password (*and* you have to set the migratable flag in the template!)
template - the template for the new key. just use the TPMKeyWrapper.template... functions.
Returns:
the new key
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_LoadKey

int TPM_LoadKey(int parentKeyID,
                TPMKeyWrapper key,
                TPMOSAPSession session)
                throws java.io.IOException,
                       TPMException,
                       java.security.InvalidKeyException,
                       java.security.NoSuchAlgorithmException,
                       TSSException
Load a key (aka encrypted blob) inside the TPM to do something useful with it

Parameters:
parentKeyID - the parent of the key to load
key - the key to load
session - the authorization session for the used parent key
Returns:
the handle for the newly loaded key
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_GetPubKey

TPMPubKeyWrapper TPM_GetPubKey(int keyHandle,
                               byte[] keyPass)
                               throws java.security.InvalidKeyException,
                                      java.security.NoSuchAlgorithmException,
                                      TSSException,
                                      java.io.IOException,
                                      TPMException
Get the public key part of a key inside the TPM

Parameters:
keyHandle - the key...
keyPass - the usage password for this key - you might not want everyone to get your public key...
Returns:
the public key
Throws:
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException
java.io.IOException
TPMException

TPM_CreateMigrationBlob

byte[] TPM_CreateMigrationBlob(int parentKeyHandle,
                               short migrationScheme,
                               TPMMigrationKeyAuth mka,
                               byte[] encryptedEntity,
                               TPMOSAPSession parentKeySession,
                               byte[] entityMigrationPass)
                               throws java.security.InvalidKeyException,
                                      java.security.NoSuchAlgorithmException,
                                      TSSException,
                                      java.io.IOException,
                                      TPMException
create a migration blob - you can use TPM_ConvertMigrationBlob later to re-import the blob on another TPM

Parameters:
parentKeyHandle - the parent of the key to be migrated
migrationScheme - the migration scheme - see TSSCoreService.MigrationSchemes
mka - the Migration Key Auth generated by TPM_AuthorizeMigrationKey
encryptedEntity - the encrypted key
parentKeySession - the authorization session for the used key's parent
entityMigrationPass - the migration password (the one you gave when creating the key)
Returns:
the migration blob
Throws:
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException
java.io.IOException
TPMException

TPM_ConvertMigrationBlob

byte[] TPM_ConvertMigrationBlob(int parentKeyHandle,
                                byte[] migrationBlob,
                                TPMOSAPSession session)
                                throws java.security.InvalidKeyException,
                                       java.security.NoSuchAlgorithmException,
                                       TSSException,
                                       java.io.IOException,
                                       TPMException
read a migration blob into the new TPM

Parameters:
parentKeyHandle - the handle of the new parent
migrationBlob - the migration blob (what a surprise...)
session - the authorization session for parent of the migrated key
Returns:
the converted blob
Throws:
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException
java.io.IOException
TPMException

TPM_AuthorizeMigrationKey

TPMMigrationKeyAuth TPM_AuthorizeMigrationKey(TPMPubKeyWrapper pubKey,
                                              short migrationScheme,
                                              TPMOSAPSession session)
                                              throws java.security.InvalidKeyException,
                                                     java.security.NoSuchAlgorithmException,
                                                     TSSException,
                                                     java.io.IOException,
                                                     TPMException
create a Migration Key Auth - this is what you need if you want to migrate a key

Parameters:
pubKey - the public key of the TPM the key shall be migrated to - be sure it is the right one ;-)
migrationScheme - migration scheme, see TSSCoreService.MigrationScheme
session - the authorization session for the used key
Returns:
the authorization token
Throws:
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException
java.io.IOException
TPMException

TPM_CertifyKey

TPMCertifyInfo TPM_CertifyKey(int certKey,
                              int keyToCertify,
                              byte[] nounce,
                              TPMOSAPSession certSession,
                              TPMOSAPSession keySession)
                              throws java.io.IOException,
                                     TPMException,
                                     java.security.InvalidKeyException,
                                     java.security.NoSuchAlgorithmException,
                                     TSSException
sign one key's public key with another key

Parameters:
certKey - the key used to sign
keyToCertify - the key which should be certified
nounce - anti-replay
certSession - the authorization session for the key used to certify
keySession - the authorization session for the key to be certified
Returns:
the certification information structure
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_Sign

byte[] TPM_Sign(int key,
                byte[] data,
                TPMOSAPSession session)
                throws java.io.IOException,
                       TPMException,
                       java.security.InvalidKeyException,
                       java.security.NoSuchAlgorithmException,
                       TSSException
Sign data using a key inside the TPM

Parameters:
key - the key to use
data - the data to sign
session - the session authorizing the use of key
Returns:
the signature
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_EvictKey

void TPM_EvictKey(int handle)
                  throws java.io.IOException,
                         TPMException
unload the key given by handle. this function is deprecated in 1.2, use flush_specific instead!

Parameters:
handle - the key to unload
Throws:
java.io.IOException
TPMException

TPM_GetRandom

byte[] TPM_GetRandom(int num_bytes)
                     throws java.io.IOException,
                            TPMException
get some random bytes from the TPM

Parameters:
num_bytes - the number of bytes to retrieve
Returns:
the random bytes
Throws:
java.io.IOException
TPMException

TPM_StirRandom

void TPM_StirRandom(byte[] data)
                    throws java.io.IOException,
                           TPMException
put some entropy into the TPM

Parameters:
data - random data
Throws:
java.io.IOException
TPMException

TPM_SelfTestFull

boolean TPM_SelfTestFull()
                         throws java.io.IOException,
                                TPMException
run a self test

Returns:
whether the TPM thinks it's fine
Throws:
java.io.IOException
TPMException

TPM_ContinueSelfTest

void TPM_ContinueSelfTest()
                          throws java.io.IOException,
                                 TPMException
Ensure that all self tests are run

Throws:
java.io.IOException
TPMException

TPM_GetTestResult

byte[] TPM_GetTestResult()
                         throws java.io.IOException,
                                TPMException
Retrieve the results of the self tests (even in failure mode)

Returns:
manufacturer-specific blob
Throws:
java.io.IOException
TPMException

TPM_Reset

boolean TPM_Reset()
                  throws java.io.IOException,
                         TPMException
Reset the TPM (clear open session etc., this does not delete any keys)

Returns:
if the command executed correctly
Throws:
java.io.IOException
TPMException

TPM_OwnerClear

void TPM_OwnerClear(byte[] ownerAuth)
                    throws java.io.IOException,
                           TPMException,
                           java.security.InvalidKeyException,
                           java.security.NoSuchAlgorithmException,
                           TSSException
Clears the TPM (remove SRK and other keys)

Parameters:
ownerAuth - the owner password
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_DisableOwnerClear

void TPM_DisableOwnerClear(byte[] ownerAuth)
                           throws java.io.IOException,
                                  TPMException,
                                  java.security.InvalidKeyException,
                                  java.security.NoSuchAlgorithmException,
                                  TSSException
Disable the possibility to clear the owner. The only way to clear the owner is to use physical presence (ForceClear).

Parameters:
ownerAuth - the owner password
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_ForceClear

void TPM_ForceClear()
                    throws java.io.IOException,
                           TPMException
clear the owner using physical presence as authorization

Throws:
java.io.IOException
TPMException

TPM_DisableForceClear

void TPM_DisableForceClear()
                           throws java.io.IOException,
                                  TPMException
disable ForceClear until the next startup of the TPM

Throws:
java.io.IOException
TPMException

TPM_GetCapability

byte[] TPM_GetCapability(int capArea,
                         byte[] stuff)
                         throws java.io.IOException,
                                TPMException
return some information about the TPM. for capArea, please see TssLowlevel.Capabilities

Parameters:
capArea - the area
stuff - area specific selector
Returns:
the cap-specific data
Throws:
java.io.IOException
TPMException

TPM_GetCapability_Version

int TPM_GetCapability_Version()
                              throws java.io.IOException,
                                     TPMException
GetCapability for TPM_CAP_VERSION

Returns:
the version number as one int (e.g. 0x01010006 for a 1.1.0.6 Atmel TPM)
Throws:
java.io.IOException
TPMException

TPM_GetCapability_Slots

int TPM_GetCapability_Slots()
                            throws java.io.IOException,
                                   TPMException
GetCapability for TPM_CAP_PROP_KEYS

Returns:
the number of key slots
Throws:
java.io.IOException
TPMException

TPM_GetCapability_Pcrs

int TPM_GetCapability_Pcrs()
                           throws java.io.IOException,
                                  TPMException
GetCapability for TPM_CAP_PROP_PCR

Returns:
PCR count
Throws:
java.io.IOException
TPMException

TPM_GetCapability_Key_Handle

int[] TPM_GetCapability_Key_Handle()
                                   throws java.io.IOException,
                                          TPMException
GetCapability for TPM_CAP_KEY_HANDLE

Returns:
an array of all loaded key handles
Throws:
java.io.IOException
TPMException

TPM_PhysicalEnable

void TPM_PhysicalEnable()
                        throws java.io.IOException,
                               TPMException
enable the TPM using physical presence as authorization. It is very likely that this will not work, unless you are running inside the POST routine or something.

Throws:
java.io.IOException
TPMException

TPM_PhysicalDisable

void TPM_PhysicalDisable()
                         throws java.io.IOException,
                                TPMException
disable the TPM using physical presence as authorization

Throws:
java.io.IOException
TPMException

TPM_MakeIdentity

TSSIdentityInfo TPM_MakeIdentity(byte[] newKeyPass,
                                 byte[] srkPass,
                                 byte[] caDigest,
                                 TPMKeyWrapper template,
                                 TPMOSAPSession ownerSession)
                                 throws java.io.IOException,
                                        TPMException,
                                        java.security.InvalidKeyException,
                                        java.security.NoSuchAlgorithmException,
                                        TSSException
create an Identity Attestation Key

Parameters:
newKeyPass - password for the new key
srkPass - the srk password
caDigest - digest of the identity label and privacy CA
template - template of the key
ownerSession - session with owner authorization
Returns:
The created Key, and the IdentityBinding
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_ActivateIdentity

TPMSymmetricKey TPM_ActivateIdentity(int key,
                                     byte[] blob,
                                     byte[] ownerPass,
                                     TPMOSAPSession keySession)
                                     throws java.io.IOException,
                                            TPMException,
                                            java.security.InvalidKeyException,
                                            java.security.NoSuchAlgorithmException,
                                            TSSException
activate an Identity Attestation Key with some data from some privacy CA

Parameters:
key -
blob -
ownerPass -
keySession -
Returns:
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_ReadPubek

TPMPubKeyWrapper TPM_ReadPubek()
                               throws java.io.IOException,
                                      TPMException,
                                      java.security.NoSuchAlgorithmException,
                                      TSSException
Read the public part of the endorsement key

Returns:
the pubEK
Throws:
java.io.IOException
TPMException
java.security.NoSuchAlgorithmException
TSSException

TPM_DisablePubekRead

void TPM_DisablePubekRead(byte[] ownerAuth)
                          throws java.io.IOException,
                                 TPMException,
                                 java.security.InvalidKeyException,
                                 java.security.NoSuchAlgorithmException,
                                 TSSException
disable ReadPubek

Parameters:
ownerAuth - the owner password
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_OwnerReadInternalPub

TPMPubKeyWrapper TPM_OwnerReadInternalPub(int key,
                                          byte[] ownerAuth)
                                          throws java.io.IOException,
                                                 TPMException,
                                                 java.security.InvalidKeyException,
                                                 java.security.NoSuchAlgorithmException,
                                                 TSSException
use owner authorization to read a key's public part

Parameters:
key - the key handle
ownerAuth - the owner password
Returns:
the pub key
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TPM_Terminate_Handle

void TPM_Terminate_Handle(int handle)
                          throws java.io.IOException,
                                 TPMException
close a session handle - this is deprecated in 1.2, use FlushSpecific instead

Parameters:
handle - the session handle to close
Throws:
java.io.IOException
TPMException

TPM_Terminate_Handle

void TPM_Terminate_Handle(TPMSession s)
                          throws java.io.IOException,
                                 TPMException
close a session - this is deprecated in 1.2, use FlushSpecific instead

Parameters:
s - session to terminate
Throws:
java.io.IOException
TPMException

TPM_SaveState

void TPM_SaveState()
                   throws java.io.IOException,
                          TPMException
This warns a TPM to save some state information. Normally only used before turning the power off.

Throws:
java.io.IOException
TPMException

TPM_Startup

void TPM_Startup(short startupType)
                 throws java.io.IOException,
                        TPMException
This happens automatically when starting the TPM; it is here only for completeness

Parameters:
startupType - see TSSCoreService.StartupType
Throws:
java.io.IOException
TPMException

TPM_SHA1Start

int TPM_SHA1Start()
                  throws java.io.IOException,
                         TPMException
start a SHA1 computation inside the TPM

Returns:
Maximum number of bytes that can be sent to TPM_SHA1Update
Throws:
java.io.IOException
TPMException

TPM_SHA1Update

void TPM_SHA1Update(byte[] data)
                    throws java.io.IOException,
                           TPMException
copy data to the TPM for hash computation

Parameters:
data - Must be a multiple of 64 bytes
Throws:
java.io.IOException
TPMException

TPM_SHA1Complete

byte[] TPM_SHA1Complete(byte[] data)
                        throws java.io.IOException,
                               TPMException
complete hash calculation

Parameters:
data - Must be 64 bytes or less
Returns:
the SHA1 hash
Throws:
java.io.IOException
TPMException
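
The size rules documented for TPM_SHA1Start, TPM_SHA1Update and TPM_SHA1Complete, shown as an added Java example that is not part of tpm4java. Sha1Engine mirrors the three signatures with simplified throws clauses and StrictSoftEngine is a constructed software stand-in; both are assumptions made so the code runs without a TPM.

```java
import java.security.MessageDigest;
import java.util.Arrays;

public class TpmSha1Chunking {
    // Mirror of the three TssLowlevel calls above, with simplified throws
    // so this example compiles without tpm4java (assumption, not project code).
    interface Sha1Engine {
        int TPM_SHA1Start() throws Exception;
        void TPM_SHA1Update(byte[] data) throws Exception;
        byte[] TPM_SHA1Complete(byte[] data) throws Exception;
    }

    // Hash msg while honouring the documented size rules.
    static byte[] hash(Sha1Engine tpm, byte[] msg) throws Exception {
        int chunk = (tpm.TPM_SHA1Start() / 64) * 64; // largest usable multiple of 64
        if (chunk == 0) throw new IllegalStateException("TPM accepts < 64 bytes per update");
        int off = 0;
        while (msg.length - off > 64) {              // keep 1..64 bytes for Complete
            int whole = ((msg.length - off - 1) / 64) * 64;
            int n = Math.min(chunk, whole);
            tpm.TPM_SHA1Update(Arrays.copyOfRange(msg, off, off + n));
            off += n;
        }
        return tpm.TPM_SHA1Complete(Arrays.copyOfRange(msg, off, msg.length));
    }

    // Constructed software stand-in that rejects the sizes the documentation forbids.
    static class StrictSoftEngine implements Sha1Engine {
        private final int max;
        private MessageDigest md;
        StrictSoftEngine(int max) { this.max = max; }
        public int TPM_SHA1Start() throws Exception {
            md = MessageDigest.getInstance("SHA-1");
            return max;
        }
        public void TPM_SHA1Update(byte[] d) {
            if (d.length == 0 || d.length % 64 != 0 || d.length > max)
                throw new IllegalArgumentException("bad update size " + d.length);
            md.update(d);
        }
        public byte[] TPM_SHA1Complete(byte[] d) {
            if (d.length > 64) throw new IllegalArgumentException("bad final size " + d.length);
            return md.digest(d);
        }
    }

    public static void main(String[] args) throws Exception {
        int[] lengths = {0, 1, 63, 64, 65, 128, 129, 1000}; // constructed inputs
        for (int len : lengths) {
            byte[] msg = new byte[len];
            Arrays.fill(msg, (byte) 0x5a);
            byte[] viaChunks = hash(new StrictSoftEngine(200), msg); // 200 -> 192-byte chunks
            byte[] reference = MessageDigest.getInstance("SHA-1").digest(msg);
            if (!Arrays.equals(viaChunks, reference))
                throw new AssertionError("mismatch at length " + len);
            System.out.println(len + " bytes: ok, digest length " + viaChunks.length);
        }
    }
}
```

With a real TssLowlevel instance, hash() works unchanged once a Sha1Engine delegates its three methods to that instance's TPM_SHA1Start, TPM_SHA1Update and TPM_SHA1Complete.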

TPM_SHA1CompleteExtend

byte[] TPM_SHA1CompleteExtend(int regnum,
                              byte[] data)
                              throws java.io.IOException,
                                     TPMException
complete hash calculation, extend the given PCR with the result

Parameters:
regnum - PCR to extend
data - last data part (<=64 bytes)
Returns:
the SHA1 hash
Throws:
java.io.IOException
TPMException

TPM_FlushSpecific

void TPM_FlushSpecific(int handle,
                       int resourceType)
                       throws java.io.IOException,
                              TPMException
TPM 1.2 command, terminate the given handle of the resourceType (see TSSCoreService.ResourceType)

Parameters:
handle - the handle to terminate
resourceType - the resource type of the handle
Throws:
java.io.IOException
TPMException

TPM_PCR_Reset

void TPM_PCR_Reset(PCRSelection pcr)
                   throws java.io.IOException,
                          TPMException
reset a selection of PCRs using locality authorization

Parameters:
pcr - the selected PCRs
Throws:
java.io.IOException
TPMException

TPM_CreateCounter

int TPM_CreateCounter(byte[] newCounterPass,
                      byte[] label,
                      TPMOSAPSession session)
                      throws TSSException,
                             java.security.NoSuchAlgorithmException,
                             java.security.InvalidKeyException,
                             java.io.IOException,
                             TPMException
create a new monotonic counter (1.2 only)

Parameters:
newCounterPass - the password to protect the new counter
label - a 4 byte label
session - owner authorization session
Returns:
the counter handle
Throws:
TSSException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.io.IOException
TPMException

TPM_IncrementCounter

java.math.BigInteger TPM_IncrementCounter(int counterID,
                                          TPMOSAPSession session)
                                          throws TSSException,
                                                 java.security.NoSuchAlgorithmException,
                                                 java.security.InvalidKeyException,
                                                 java.io.IOException,
                                                 TPMException
increment a monotonic counter

Parameters:
counterID - the counter to increment
session - authorization session for the counter
Returns:
new value
Throws:
TSSException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.io.IOException
TPMException

TPM_ReadCounter

java.math.BigInteger TPM_ReadCounter(int counterID)
                                     throws java.io.IOException,
                                            TPMException
read the current value of a counter

Parameters:
counterID - counter to read from
Returns:
current value
Throws:
java.io.IOException
TPMException

TPM_ReleaseCounter

void TPM_ReleaseCounter(int counterID,
                        TPMOSAPSession session)
                        throws TSSException,
                               java.security.NoSuchAlgorithmException,
                               java.security.InvalidKeyException,
                               java.io.IOException,
                               TPMException
release a counter

Parameters:
counterID - the counter to release
session - authorization session for the counter
Throws:
TSSException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.io.IOException
TPMException

TPM_ReleaseCounterOwner

void TPM_ReleaseCounterOwner(int counterID,
                             TPMOSAPSession session)
                             throws TSSException,
                                    java.security.NoSuchAlgorithmException,
                                    java.security.InvalidKeyException,
                                    java.io.IOException,
                                    TPMException
release a counter with owner authorization

Parameters:
counterID - the counter to release
session - authorization session for the owner
Throws:
TSSException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.io.IOException
TPMException

TPM_EstablishTransport

TPMTransportSession TPM_EstablishTransport(int key,
                                           TPMTransportPublic transportPublic,
                                           byte[] encryptedSecret,
                                           TPMOSAPSession session)
                                           throws TSSException,
                                                  java.security.NoSuchAlgorithmException,
                                                  java.security.InvalidKeyException,
                                                  java.io.IOException,
                                                  TPMException
These commands have not been tested, because the 1.2 TPM emulator oopses when I try...

Parameters:
key -
transportPublic -
encryptedSecret -
session -
Returns:
Throws:
TSSException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.io.IOException
TPMException

TPM_ExecuteTransport

byte[] TPM_ExecuteTransport(byte[] wrappedCmd,
                            TPMTransportSession session)
                            throws TSSException,
                                   java.security.NoSuchAlgorithmException,
                                   java.security.InvalidKeyException,
                                   java.io.IOException,
                                   TPMException
Throws:
TSSException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.io.IOException
TPMException

TPM_GetTicks

java.math.BigInteger TPM_GetTicks()
                                  throws java.io.IOException,
                                         TPMException
Get the tick count from the TPM. This does not need to be more than a monotonic counter

Returns:
current tick count
Throws:
java.io.IOException
TPMException

TPM_TickStampBlob

TPMSignedData TPM_TickStampBlob(int key,
                                byte[] antiReplay,
                                byte[] digest,
                                TPMOSAPSession session)
                                throws java.io.IOException,
                                       TPMException,
                                       java.security.InvalidKeyException,
                                       java.security.NoSuchAlgorithmException,
                                       TSSException
timestamp a given digest with a given key

Parameters:
key -
antiReplay -
digest -
session -
Returns:
the signed data
Throws:
java.io.IOException
TPMException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
TSSException

TSS_Bind

byte[] TSS_Bind(TPMPubKeyWrapper key,
                byte[] data)
                throws java.security.NoSuchAlgorithmException,
                       javax.crypto.NoSuchPaddingException,
                       java.security.InvalidKeyException,
                       java.security.spec.InvalidKeySpecException,
                       javax.crypto.IllegalBlockSizeException,
                       javax.crypto.BadPaddingException,
                       java.io.IOException,
                       TPMException,
                       java.security.InvalidAlgorithmParameterException
encrypt data for a given public key - the data can be decrypted using TPM_Unbind

Parameters:
key - the key to encrypt to
data - the data to encrypt
Returns:
the encrypted data
Throws:
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.InvalidKeyException
java.security.spec.InvalidKeySpecException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException
java.io.IOException
TPMException
java.security.InvalidAlgorithmParameterException

TSS_CollateIdentityRequest

TCPAIdentityRequest TSS_CollateIdentityRequest(TCPAIdentityProof proof,
                                               byte[] chosenId,
                                               TPMKeyParms symParms,
                                               TPMPubKeyWrapper caPubKey)
                                               throws java.io.IOException,
                                                      TPMException,
                                                      java.security.NoSuchAlgorithmException,
                                                      java.security.SignatureException,
                                                      java.security.InvalidKeyException,
                                                      java.security.spec.InvalidKeySpecException,
                                                      java.security.InvalidAlgorithmParameterException,
                                                      javax.crypto.NoSuchPaddingException,
                                                      javax.crypto.IllegalBlockSizeException,
                                                      javax.crypto.BadPaddingException
Combine a lot of stuff to build an Identity Request to be sent to a Privacy CA

Parameters:
proof -
chosenId -
symParms -
caPubKey -
Returns:
the identity request
Throws:
java.io.IOException
TPMException
java.security.NoSuchAlgorithmException
java.security.SignatureException
java.security.InvalidKeyException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
javax.crypto.NoSuchPaddingException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException

TSS_RSA_Encrypt

byte[] TSS_RSA_Encrypt(java.security.PublicKey key,
                       byte[] unencrypted)
                       throws java.security.NoSuchAlgorithmException,
                              javax.crypto.NoSuchPaddingException,
                              java.security.InvalidKeyException,
                              java.security.InvalidAlgorithmParameterException,
                              java.security.spec.InvalidKeySpecException,
                              javax.crypto.IllegalBlockSizeException,
                              javax.crypto.BadPaddingException
encrypt some binary data to a public RSA key with all that TPM-specific padding

Parameters:
key - public RSA key to use
unencrypted - the data to be encrypted
Returns:
the encrypted data
Throws:
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
java.security.spec.InvalidKeySpecException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException

TSS_RSA_Decrypt

byte[] TSS_RSA_Decrypt(java.security.PrivateKey key,
                       byte[] encrypted)
                       throws java.security.NoSuchAlgorithmException,
                              javax.crypto.NoSuchPaddingException,
                              java.security.InvalidKeyException,
                              java.security.InvalidAlgorithmParameterException,
                              java.security.spec.InvalidKeySpecException,
                              javax.crypto.IllegalBlockSizeException,
                              javax.crypto.BadPaddingException
Decrypt some data encrypted to a PublicKey with TSS_RSA_Encrypt

Parameters:
key -
encrypted -
Returns:
the decrypted data
Throws:
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
java.security.spec.InvalidKeySpecException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException

GetNounce

byte[] GetNounce()
Returns:
a 20 byte random number that can be used as a nonce

GetRandomBytes

byte[] GetRandomBytes(int size)
get some random data (from a normal Random, not from the TPM)

Parameters:
size -
Returns:

isCheckReply

boolean isCheckReply()
Returns:
whether the TPMs replies are verified

setCheckReply

void setCheckReply(boolean checkReply)
Turn reply verification (hmac, hash) on or off

Parameters:
checkReply -


http://tpm4java.datenzone.de/