tss

Class Crypto

java.lang.Object

tss.Crypto

public class Crypto
extends Object

Interfaces to crypto functions (mostly using Bouncy Castle)

Author:

pengland

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Crypto.ECCKeyPair
static class	Crypto.RsaKeyPair

Constructor Summary

Constructors

Constructor and Description
Crypto()

Method Summary

Modifier and Type	Method and Description
static byte[]	asymEncrypt(TPMT_PUBLIC _pub, byte[] data, String encodingParms)
static byte[]	cfbEncrypt(boolean _encrypt, TPM_ALG_ID _algId, byte[] _key, byte[] _iv, byte[] _x)
static Crypto.ECCKeyPair	createECCKey(TPM_ECC_CURVE curveId, TPM_ALG_ID alg)
static Crypto.RsaKeyPair	createRsaKey(int keySize, int exponent)
static org.bouncycastle.jce.interfaces.ECPublicKey	decodeKey(byte[] encoded)
static int	digestSize(TPM_ALG_ID alg) Return the size in bytes of a hash algorithm based on the TPM algId
static org.bouncycastle.crypto.Digest	getDigest(TPM_ALG_ID alg) Gets a Bouncy Castle Digest object that matches the TPM_ALG_ID hash algId
static TPM_ALG_ID	getSigningHashAlg(TPMT_PUBLIC pub) Extract the signing hash algorithm from various supported schemes
static byte[]	hash(TPM_ALG_ID alg, byte[] data) Hash data
static byte[]	hmac(TPM_ALG_ID alg, byte[] key, byte[] data) hmac data
static byte[]	KDFa(TPM_ALG_ID hmacHash, byte[] hmacKey, String label, byte[] contextU, byte[] contextV, int numBitsRequired) Perform the TPM key derivation procedure KDFa
static byte[]	oaepEncrypt(TPMS_RSA_PARMS parms, TPM2B_PUBLIC_KEY_RSA key, byte[] data, TPM_ALG_ID hashAlg, String encodingLabel) RSA encrypt using the OAEP encoding
static boolean	validateQuote(TPMT_PUBLIC pubKey, PCR_ReadResponse expectedPcrs, byte[] nonce, QuoteResponse quote) Validate a TPM quote against a set of PCR and a nonce.
static boolean	validateSignature(TPMT_PUBLIC _pubKey, byte[] _dataThatWasSigned, TPMU_SIGNATURE _signature) Validate a TPM signature.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Crypto

public Crypto()

Method Detail

digestSize

public static int digestSize(TPM_ALG_ID alg)

Return the size in bytes of a hash algorithm based on the TPM algId

Parameters:

alg - The algorithm

Returns:

the size in bytes

hash

public static byte[] hash(TPM_ALG_ID alg,
                          byte[] data)

Hash data

Parameters:

alg - The hash algorithm

data - The data to hash

Returns:

The digest value

hmac

public static byte[] hmac(TPM_ALG_ID alg,
                          byte[] key,
                          byte[] data)

hmac data

Parameters:

alg - The hash algorithm

key - The HMAC key

data - The data to hash

Returns:

The digest value

validateSignature

public static boolean validateSignature(TPMT_PUBLIC _pubKey,
                                        byte[] _dataThatWasSigned,
                                        TPMU_SIGNATURE _signature)

Validate a TPM signature. Note that this function hashes dataThatWasSigned before verifying the signature.

Parameters:

_pubKey - The TPM public key

_dataThatWasSigned - The data that was hashed then signed

_signature - The signature returned by the TPM

Returns:

Whether the signature was valid

validateQuote

public static boolean validateQuote(TPMT_PUBLIC pubKey,
                                    PCR_ReadResponse expectedPcrs,
                                    byte[] nonce,
                                    QuoteResponse quote)

Validate a TPM quote against a set of PCR and a nonce.

Parameters:

pubKey - The public key to use to validate the Quote

expectedPcrs - PCR values expected

nonce - The nonce

quote - The TPM generated quote

Returns:

Whether the quote was valid

decodeKey

public static org.bouncycastle.jce.interfaces.ECPublicKey decodeKey(byte[] encoded)
                                                             throws InvalidKeySpecException,
                                                                    NoSuchAlgorithmException,
                                                                    NoSuchProviderException

Throws:

InvalidKeySpecException

NoSuchAlgorithmException

NoSuchProviderException

getDigest

public static org.bouncycastle.crypto.Digest getDigest(TPM_ALG_ID alg)

Gets a Bouncy Castle Digest object that matches the TPM_ALG_ID hash algId

Parameters:

alg - The TPM hash algId

Returns:

A new Bouncy Castle hash object

KDFa

public static byte[] KDFa(TPM_ALG_ID hmacHash,
                          byte[] hmacKey,
                          String label,
                          byte[] contextU,
                          byte[] contextV,
                          int numBitsRequired)

Perform the TPM key derivation procedure KDFa

Parameters:

hmacHash - The underlying hash algorithm

hmacKey - The HMAC key to use for key derivation

label - The label value (note: the label is the zero-terminated UTC-encoded string)

contextU - The first context value

contextV - The second context value

numBitsRequired - The number of bits to return (must be a whole number of bytes)

Returns:

The KDFa-derived key

oaepEncrypt

public static byte[] oaepEncrypt(TPMS_RSA_PARMS parms,
                                 TPM2B_PUBLIC_KEY_RSA key,
                                 byte[] data,
                                 TPM_ALG_ID hashAlg,
                                 String encodingLabel)

RSA encrypt using the OAEP encoding

Parameters:

parms - The encryption parameters to use

key - The public key to use

data - The data to encrypt

hashAlg - The hash algorithm to use in the OAEP encoding

encodingLabel - The label to use (the label will be the zero-terminated UTC-encoded string)

Returns:

data encrypted with key

asymEncrypt

public static byte[] asymEncrypt(TPMT_PUBLIC _pub,
                                 byte[] data,
                                 String encodingParms)

getSigningHashAlg

public static TPM_ALG_ID getSigningHashAlg(TPMT_PUBLIC pub)

Extract the signing hash algorithm from various supported schemes

Parameters:

pub - The public area to examine

Returns:

The hash algId

cfbEncrypt

public static byte[] cfbEncrypt(boolean _encrypt,
                                TPM_ALG_ID _algId,
                                byte[] _key,
                                byte[] _iv,
                                byte[] _x)

createRsaKey

public static Crypto.RsaKeyPair createRsaKey(int keySize,
                                             int exponent)

createECCKey

public static Crypto.ECCKeyPair createECCKey(TPM_ECC_CURVE curveId,
                                             TPM_ALG_ID alg)