com.intel.crypto
Class EpidAlgEx2
- java.lang.Object
-
- com.intel.crypto.EpidAlg
-
- com.intel.crypto.EpidAlgEx2
-
- All Implemented Interfaces:
- Signature
public abstract class EpidAlgEx2 extends EpidAlg
This abstract class represents the extended version of the Intel® Enhanced Privacy ID (Intel® EPID) signing algorithm: Intel® EPID2.0. This algorithm extends the Intel EPID support by providing the following mechanisms:
- Supplying a signature revocation list to provide non-revocation proof to the signature verifier
This class is stateful and setting the class properties before the signature will affect the result. By default the signature will be a basic signature with no signature revocation listwill be set to all zeros
The following inherited methods are not supported by this class and will throwNotSupportedException
:-
signComplete
-
verifyComplete
-
setNonce
-
setBasename
-
getNonceLength
-
getBasenameLength
-
-
Method Summary
Methods Modifier and Type Method and Description static EpidAlgEx2
createAlg()
Factory method for creating a concrete instance.abstract short
getBasenameLength()
Return the buffer size for the basenameabstract short
getCertificateLength()
Return the size of Intel EPID public certificateabstract short
getGroupId(byte[] groupId, short groupIdIndex)
Returns the Intel EPID Group ID for this platform.abstract short
getGroupIdLength()
Returns the length of the Intel EPID Group ID.abstract short
getNonceLength()
Returns the buffer size for the nonceabstract short
getProvisionDataMaxOutputLength()
Returns the maximum size of output buffer that must be allocated while calling theprovisionData()
method, if the response size is not known in advance.abstract short
getSignatureLength()
Returns the length of the signature generated by this instance.abstract short
getSignatureRevocationListMaxLength()
Returns the maximum size allowed for the signature revocation list (SIG-RL) bufferabstract short
getTaskInfoSize()
Return the size of TaskInfo bufferabstract void
interactiveSign(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength, byte[] certificate, short certificateIndex, short certificateLength, byte[] taskInfo, short taskInfoIndex, short taskInfoLength)
Signs the provided input data using the key currently stored by the instance.abstract boolean
isProvisioned()
Indicates whether the Intel EPID 2.0 provisioning process was already performed on this platform.abstract short
provisionData(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
A transport tunnel for passing Intel EPID provisioning data from an external source (for example, a host software application) to the firmware.abstract void
setBasename(byte[] basename, short index, short length)
Sets the basename that will be signed as part of the signatureabstract void
setNonce(byte[] nonce, short index, short length)
Sets the nonce that will be signed as part of the signatureabstract void
setSignatureRevocationList(byte[] sigRl, short index, short length)
Sets the signature revocation list (SIG-RL) that will be signed as part of the signatureabstract void
setVerifierMessage(byte[] verifierMessag, short index, short length)
Sets the verifier message that will be signed as part of the signatureabstract short
signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex)
Signs the provided input data using the key currently stored by the instance.abstract boolean
verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength)
Verifies the signature on the provided input data using the key currently stored by the instance.
-
-
-
Method Detail
-
isProvisioned
public abstract boolean isProvisioned()
Indicates whether the Intel EPID 2.0 provisioning process was already performed on this platform. If the INtel EPID public key is provisioned, this class can be used to generate Intel PID signatures.- Specified by:
isProvisioned
in classEpidAlg
- Returns:
true
if Intel EPID 1.1 is provisioned,false
otherwise.
-
provisionData
public abstract short provisionData(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex) throws CryptoException
A transport tunnel for passing Intel EPID provisioning data from an external source (for example, a host software application) to the firmware. Note that this method does not perform any parsing on the input/output data, but simply passes the data as a blob to/from the internal firmware module that handles Intel EPID provisioning. ThegetProvisionDataMaxOutputLength
method can be used to retrieve the maximum required size of the output array.- Specified by:
provisionData
in classEpidAlg
- Parameters:
input
- input datainputIndex
- index in the input arrayinputLength
- input data lengthoutput
- an array to hold the output dataoutputIndex
- index in the output array- Returns:
- The number of bytes returned in output array.
- Throws:
IllegalParameterException
- if the buffer is in an illegal lengthCryptoException
- if some other unexpected failure has occurred
-
getProvisionDataMaxOutputLength
public abstract short getProvisionDataMaxOutputLength()
Returns the maximum size of output buffer that must be allocated while calling theprovisionData()
method, if the response size is not known in advance.- Specified by:
getProvisionDataMaxOutputLength
in classEpidAlg
- Returns:
- The maximum response size (in bytes) for the
provisionData
method.
-
getGroupId
public abstract short getGroupId(byte[] groupId, short groupIdIndex)
Returns the Intel EPID Group ID for this platform. ThegetGroupIdLength
method can be used to retrieve the required size of the output array.- Specified by:
getGroupId
in classEpidAlg
- Parameters:
groupId
- an array to hold the Group IDgroupIdIndex
- index in the array- Returns:
- Group ID length.
-
getGroupIdLength
public abstract short getGroupIdLength()
Returns the length of the Intel EPID Group ID.- Specified by:
getGroupIdLength
in classEpidAlg
- Returns:
- Intel EPID Group ID length in bytes.
-
getSignatureRevocationListMaxLength
public abstract short getSignatureRevocationListMaxLength()
Returns the maximum size allowed for the signature revocation list (SIG-RL) buffer
-
getBasenameLength
public abstract short getBasenameLength()
Return the buffer size for the basename- Throws:
NotSupportedException
- always
-
getNonceLength
public abstract short getNonceLength()
Returns the buffer size for the nonce- Throws:
NotSupportedException
- always
-
setSignatureRevocationList
public abstract void setSignatureRevocationList(byte[] sigRl, short index, short length) throws CryptoException
Sets the signature revocation list (SIG-RL) that will be signed as part of the signature- Parameters:
sigRl
- the buffer for the signature revocation list or null to set no revocationindex
- the offset in thesigRl
arraylength
- the length of thesigRl
array- Throws:
IllegalParameterException
- if the buffer is in an illegal lengthCryptoException
- if some other unexpected failure has occurred
- Note: If
setSignatureRevocationList
is called with invalid data, the exception may not be thrown immediately. In such a case, it may be thrown only after callinggetSignatureLength
orinteractiveSign
.-
setVerifierMessage
public abstract void setVerifierMessage(byte[] verifierMessag, short index, short length)
Sets the verifier message that will be signed as part of the signature- Parameters:
verifierData
- the information the verifier provides to the prover for signatureindex
- the index of the data in the bufferlength
- the verifier data size
-
setBasename
public abstract void setBasename(byte[] basename, short index, short length) throws CryptoException
Sets the basename that will be signed as part of the signature- Throws:
NotSupportedException
- alwaysCryptoException
-
setNonce
public abstract void setNonce(byte[] nonce, short index, short length) throws CryptoException
Sets the nonce that will be signed as part of the signature- Throws:
NotSupportedException
- alwaysCryptoException
-
signComplete
public abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex) throws CryptoException
Signs the provided input data using the key currently stored by the instance. Note thatgetSignatureLength()
should be called to allocate the signature buffer right before this call as length of the signature is subject to change based on the current configuration of the signature.- Specified by:
signComplete
in interfaceSignature
- Specified by:
signComplete
in classEpidAlg
- Parameters:
data
- the input data to signdataIndex
- index in the input arraydataLength
- input data lengthsignature
- an array to hold the output datasignatureIndex
- index in the output array- Returns:
- The number of bytes written into the signature array.
- Throws:
NotSupportedException
- alwaysNotInitializedException
- if this instance is not configured correctly in order to generate a signature. For example, the key required for signing the data is not set.IllegalParameterException
- if the data provided for signing is illegalCryptoException
- if some unexpected error has occurred
-
verifyComplete
public abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength) throws CryptoException
Verifies the signature on the provided input data using the key currently stored by the instance.- Specified by:
verifyComplete
in interfaceSignature
- Specified by:
verifyComplete
in classEpidAlg
- Parameters:
data
- the input data that was signeddataIndex
- index in the input arraydataLength
- input data lengthsignature
- the signature to verifysignatureIndex
- index in the signature arraysignatureLength
- signature length- Returns:
true
if the signature verified successfully,false
otherwise.- Throws:
NotSupportedException
- alwaysNotInitializedException
- if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.IllegalParameterException
- if the data provided for verification is illegalCryptoException
- if some unexpected error has occurred
-
getSignatureLength
public abstract short getSignatureLength() throws CryptoException
Returns the length of the signature generated by this instance.- Returns:
- Signature length in bytes.
- Throws:
NotInitializedException
- if this instance is not configured correctly in order to calculate the signature size. For example, a required key is not set.CryptoException
- if some unexpected error has occurred
-
getCertificateLength
public abstract short getCertificateLength() throws CryptoException
Return the size of the Intel EPID public certificate- Returns:
- the size of the Intel EPID public certificate
- Throws:
CryptoException
-
getTaskInfoSize
public abstract short getTaskInfoSize()
Return the size of TaskInfo buffer- Returns:
- Return the size of TaskInfo buffer
-
interactiveSign
public abstract void interactiveSign(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength, byte[] certificate, short certificateIndex, short certificateLength, byte[] taskInfo, short taskInfoIndex, short taskInfoLength) throws CryptoException
Signs the provided input data using the key currently stored by the instance. Note thatgetSignatureLength()
should be called to allocate the signature buffer right before this call as length of the signature is subject to change based on the current configuration of the signature. The maximum data size to be signed is limited to 32KB. Note that this method will prepend the taskInfo data to the data buffer and sign on it. the taskInfo data will return as a buffer.- Parameters:
data
- the data to be signeddataIndex
- the index of the data in the bufferdataLength
- the data lengthsignature
- buffer the the siganturesignatureIndex
- index in the buffer to start copy tosignatureLength
- size of sapce in the buffer for the signaturecertificate
- buffer for the public EIPD certificatecertificateIndex
- index in the buffer to start copy tocertificateLength
- size of space in the buffer for the certificatetaskInfo
- buffer for the task Info meta data that added to the signaturetaskInfoIndex
- index in the buffer to start copy totaskInfoLength
- size of space in the buffer for the TaskInfo- Throws:
CryptoException
IllegalParameterException
- if the buffer is in an illegal length
-
createAlg
public static EpidAlgEx2 createAlg()
Factory method for creating a concrete instance.- Returns:
EpidAlgEx2
instance.
-
-