com.intel.crypto
Class EpidAlg

- java.lang.Object
  - com.intel.crypto.EpidAlg

All Implemented Interfaces:
- Signature

Direct Known Subclasses:
- EpidAlgEx, EpidAlgEx2

public abstract class EpidAlg extends java.lang.Object implements Signature

This abstract class represents the Intel® Enhanced Privacy ID (Intel® EPID) 1.0 signing algorithm. This class creates Intel EPID signatures and exposes an interface for Intel EPID provisioning. The Intel EPID provisioning is a one-time process required to enable Intel EPID signature generation in the firmware.

The following inherited methods are not supported by this class and will throw NotSupportedException:
- verifyComplete

Method Summary

Methods (Modifier and Type, Method and Description):

- static EpidAlg create()
  Factory method for creating a concrete instance.
- abstract short getGroupId(byte[] groupId, short groupIdIndex)
  Returns the EPID Group ID for this platform.
- abstract short getGroupIdLength()
  Returns the length of the EPID Group ID.
- abstract short getProvisionDataMaxOutputLength()
  Returns the maximum size of output buffer that must be allocated while calling the provisionData() method, if the response size is not known in advance.
- abstract boolean isProvisioned()
  Indicates whether the EPID 1.0 provisioning process was already done on this platform.
- abstract short provisionData(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
  A transport tunnel for passing Intel EPID provisioning data from an external source (for example, a host software application) to the firmware.
- abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex)
  Deprecated. As of API level 9, use EpidAlgEx or EpidAlgEx2 instead.
- abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength)
  Verifies the signature on the provided input data using the key currently stored by the instance.

Methods inherited from interface com.intel.crypto.Signature:
- getSignatureLength

Method Detail

isProvisioned

public abstract boolean isProvisioned()

Indicates whether the Intel EPID 1.0 provisioning process was already done on this platform. If the EPID public key is provisioned, this class can be used to generate EPID signatures.

Returns:
- true if EPID 1.0 is provisioned, false otherwise.

provisionData

public abstract short provisionData(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex) throws CryptoException

A transport tunnel for passing Intel EPID provisioning data from an external source (for example, a host software application) to the firmware. Note that this method does not perform any parsing on the input/output data, but simply passes the data as a blob to/from the internal firmware module that handles Intel EPID provisioning. The getProvisionDataMaxOutputLength method can be used to retrieve the maximum required size of the output array.

Parameters:
- input - input data
- inputIndex - index in the input array
- inputLength - input data length
- output - an array to hold the output data
- outputIndex - index in the output array

Returns:
- The number of bytes returned in the output array.

Throws:
- IllegalParameterException - if the buffer has an illegal length
- CryptoException - if some other unexpected failure has occurred

getProvisionDataMaxOutputLength

public abstract short getProvisionDataMaxOutputLength()

Returns the maximum size of output buffer that must be allocated while calling the provisionData() method, if the response size is not known in advance.

Returns:
- The maximum response size (in bytes) for the provisionData method.

getGroupId

public abstract short getGroupId(byte[] groupId, short groupIdIndex)

Returns the EPID Group ID for this platform. The getGroupIdLength method can be used to retrieve the required size of the output array.

Parameters:
- groupId - an array to hold the Group ID
- groupIdIndex - index in the array

Returns:
- Group ID length.

getGroupIdLength

public abstract short getGroupIdLength()

Returns the length of the EPID Group ID.

Returns:
- EPID Group ID length in bytes.

signComplete

public abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex) throws CryptoException

Signs the provided input data using the key currently stored by the instance. Note that this method will add the caller application ID to the data being signed in the following format: IDLength (1 byte) | ID (IDLength bytes) | rest of the data to be signed. The maximum data size to be signed is limited to 32KB.

Specified by:
- signComplete in interface Signature

Parameters:
- data - the input data to sign
- dataIndex - index in the input array
- dataLength - input data length
- signature - an array to hold the output data
- signatureIndex - index in the output array

Returns:
- The number of bytes written into the signature array.

Throws:
- NotInitializedException - if this method is called before EPID 1.0 was provisioned.
- IllegalParameterException - if the data provided for signing is illegal
- CryptoException - if some unexpected error has occurred

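The following is an added example, not part of the Intel API or its documentation: a verifier-side helper that rebuilds the bytes covered by a signComplete signature (IDLength | ID | data) and returns the data part only when the embedded application ID is the expected one. The class name SignedMessageLayout, its method names and the sample IDs are hypothetical, and applying the 32KB limit to the caller's data alone is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Added example: the byte layout covered by a signComplete signature. */
public final class SignedMessageLayout {
    // Documented limit; applying it to the caller's data alone is an assumption.
    static final int MAX_DATA_LEN = 32 * 1024;

    /** Builds IDLength (1 byte) | ID (IDLength bytes) | data. */
    static byte[] build(byte[] appId, byte[] data) {
        if (appId.length > 0xFF)
            throw new IllegalArgumentException("ID does not fit a 1-byte length");
        if (data.length > MAX_DATA_LEN)
            throw new IllegalArgumentException("data exceeds 32KB");
        byte[] msg = new byte[1 + appId.length + data.length];
        msg[0] = (byte) appId.length;
        System.arraycopy(appId, 0, msg, 1, appId.length);
        System.arraycopy(data, 0, msg, 1 + appId.length, data.length);
        return msg;
    }

    /** Returns the data part, but only if the embedded ID equals expectedId. */
    static byte[] payloadFor(byte[] msg, byte[] expectedId) {
        if (msg.length < 1)
            throw new IllegalArgumentException("empty message");
        int idLen = msg[0] & 0xFF;            // the length byte is unsigned
        if (msg.length < 1 + idLen)
            throw new IllegalArgumentException("truncated ID field");
        byte[] id = Arrays.copyOfRange(msg, 1, 1 + idLen);
        if (!Arrays.equals(id, expectedId))
            throw new SecurityException("message carries a different application ID");
        return Arrays.copyOfRange(msg, 1 + idLen, msg.length);
    }

    public static void main(String[] args) {
        byte[] appId = {0x10, 0x20, 0x30, 0x40};   // constructed sample ID
        byte[] other = {0x10, 0x20, 0x30, 0x41};   // constructed, differs in last byte
        byte[] data = "nonce-1234".getBytes(StandardCharsets.US_ASCII);
        byte[] msg = build(appId, data);           // bytes the verifier checks
        System.out.println(new String(payloadFor(msg, appId), StandardCharsets.US_ASCII));
        try {
            payloadFor(msg, other);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The signature itself must be verified over the full prefixed message returned by build, not over the caller's data alone.
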
verifyComplete

public abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength) throws CryptoException

Verifies the signature on the provided input data using the key currently stored by the instance.

Specified by:
- verifyComplete in interface Signature

Parameters:
- data - the input data that was signed
- dataIndex - index in the input array
- dataLength - input data length
- signature - the signature to verify
- signatureIndex - index in the signature array
- signatureLength - signature length

Returns:
- true if the signature verified successfully, false otherwise.

Throws:
- NotSupportedException - always
- NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.
- IllegalParameterException - if the data provided for verification is illegal
- CryptoException - if some unexpected error has occurred

create

public static final EpidAlg create()

Factory method for creating a concrete instance.

Returns:
- EpidAlg instance.