com.intel.crypto
Class EpidAlg
java.lang.Objectcom.intel.crypto.EpidAlg
- All Implemented Interfaces:
- Signature
public abstract class EpidAlg
- extends java.lang.Object
- implements Signature
- extends java.lang.Object
This abstract class represents the Enhanced Privacy ID (EPID) signing algorithm. This class creates EPID signatures and exposes an interface for EPID provisioning. The EPID provisioning is a one-time process required to enable EPID signature generation in the firmware.
The following inherited methods are not supported by this class and will throwNotSupportedException
:
-
verifyComplete
Method Summary | |
---|---|
static EpidAlg |
create()
Factory method for creating a concrete instance. |
abstract short |
getGroupId(byte[] groupId,
short groupIdIndex)
Returns the EPID Group ID for this platform. |
abstract short |
getGroupIdLength()
Returns the length of the EPID Group ID. |
abstract short |
getProvisionDataMaxOutputLength()
Returns the maximum size of output buffer that must be allocated while calling the provisionData() method, if the response size is not known in advance. |
abstract boolean |
isProvisioned()
Indicates whether the EPID 1.0 provisioning process was already done on this platform. |
abstract short |
provisionData(byte[] input,
short inputIndex,
short inputLength,
byte[] output,
short outputIndex)
A transport tunnel for passing EPID provisioning data from an external source (for example, a host software application) to the firmware. |
abstract short |
signComplete(byte[] data,
short dataIndex,
short dataLength,
byte[] signature,
short signatureIndex)
Signs the provided input data using the key currently stored by the instance. |
abstract boolean |
verifyComplete(byte[] data,
short dataIndex,
short dataLength,
byte[] signature,
short signatureIndex,
short signatureLength)
Verifies the signature on the provided input data using the key currently stored by the instance. |
Methods inherited from class java.lang.Object |
---|
equals, hashCode, toString |
Methods inherited from interface com.intel.crypto.Signature |
---|
getSignatureLength |
Method Detail |
---|
isProvisioned
public abstract boolean isProvisioned()
- Indicates whether the EPID 1.0 provisioning process was already done on this platform.
If EPID public key is provisioned, this class can be used to generate EPID signatures.
- Returns:
true
if EPID 1.0 is provisioned,false
otherwise.
provisionData
public abstract short provisionData(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
- A transport tunnel for passing EPID provisioning data from an external source
(for example, a host software application) to the firmware.
Note that this method does not perform any parsing on the input/output
data, but simply passes the data as a blob to/from the internal
firmware module that handles EPID provisioning. The
getProvisionDataMaxOutputLength
method can be used to retrieve the maximum required size of the output array.- Parameters:
input
- input datainputIndex
- index in the input arrayinputLength
- input data lengthoutput
- an array to hold the output dataoutputIndex
- index in the output array- Returns:
- The number of bytes returned in output array.
getProvisionDataMaxOutputLength
public abstract short getProvisionDataMaxOutputLength()
- Returns the maximum size of output buffer that must be allocated while calling
the
provisionData()
method, if the response size is not known in advance.- Returns:
- The maximum response size (in bytes) for the
provisionData
method.
getGroupId
public abstract short getGroupId(byte[] groupId, short groupIdIndex)
- Returns the EPID Group ID for this platform.
The
getGroupIdLength
method can be used to retrieve the required size of the output array.- Parameters:
groupId
- an array to hold the Group IDgroupIdIndex
- index in the array- Returns:
- Group ID length.
getGroupIdLength
public abstract short getGroupIdLength()
- Returns the length of the EPID Group ID.
- Returns:
- EPID Group ID length in bytes.
signComplete
public abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex) throws CryptoException
- Signs the provided input data using the key currently stored by the instance.
Note that this method will add the caller application ID to the data
being signed in the following format:
IDLength (1 byte) | ID (IDLength bytes) | rest of the data to be signed.
- Specified by:
signComplete
in interfaceSignature
- Parameters:
data
- the input data to signdataIndex
- index in the input arraydataLength
- input data lengthsignature
- an array to hold the output datasignatureIndex
- index in the output array- Returns:
- The number of bytes written into the signature array.
- Throws:
NotInitializedException
- if this method is called before EPID was provisioned.IllegalParameterException
- if the data provided for signing is illegalCryptoException
verifyComplete
public abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength) throws CryptoException
- Verifies the signature on the provided input data using the key currently stored by the instance.
- Specified by:
verifyComplete
in interfaceSignature
- Parameters:
data
- the input data that was signeddataIndex
- index in the input arraydataLength
- input data lengthsignature
- the signature to verifysignatureIndex
- index in the signature arraysignatureLength
- signature length- Returns:
true
if the signature verified successfully,false
otherwise.- Throws:
NotSupportedException
- alwaysNotInitializedException
- if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.IllegalParameterException
- if the data provided for verification is illegalCryptoException
create
public static final EpidAlg create()
- Factory method for creating a concrete instance.
- Returns:
EpidAlg
instance.