Package tss
Class Crypto
- java.lang.Object
-
- tss.Crypto
-
public class Crypto extends Object
Interfaces to crypto functions (mostly using Bouncy Castle)- Author:
- pengland
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classCrypto.ECCKeyPairstatic classCrypto.RsaKeyPair
-
Constructor Summary
Constructors Constructor Description Crypto()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static byte[]asymEncrypt(TPMT_PUBLIC _pub, byte[] data, String encodingParms)static byte[]cfbEncrypt(boolean _encrypt, TPM_ALG_ID _algId, byte[] _key, byte[] _iv, byte[] _x)static Crypto.ECCKeyPaircreateECCKey(TPM_ECC_CURVE curveId, TPM_ALG_ID alg)static Crypto.RsaKeyPaircreateRsaKey(int keySize, int exponent)static org.bouncycastle.jce.interfaces.ECPublicKeydecodeKey(byte[] encoded)static intdigestSize(TPM_ALG_ID alg)Return the size in bytes of a hash algorithm based on the TPM algIdstatic org.bouncycastle.crypto.DigestgetDigest(TPM_ALG_ID alg)Gets a Bouncy Castle Digest object that matches the TPM_ALG_ID hash algIdstatic TPM_ALG_IDgetSigningHashAlg(TPMT_PUBLIC pub)Extract the signing hash algorithm from various supported schemesstatic byte[]hash(TPM_ALG_ID alg, byte[] data)Hash datastatic byte[]hmac(TPM_ALG_ID alg, byte[] key, byte[] data)hmac datastatic byte[]KDFa(TPM_ALG_ID hmacHash, byte[] hmacKey, String label, byte[] contextU, byte[] contextV, int numBitsRequired)Perform the TPM key derivation procedure KDFastatic byte[]oaepEncrypt(TPMS_RSA_PARMS parms, TPM2B_PUBLIC_KEY_RSA key, byte[] data, TPM_ALG_ID hashAlg, String encodingLabel)RSA encrypt using the OAEP encodingstatic booleanvalidateQuote(TPMT_PUBLIC pubKey, PCR_ReadResponse expectedPcrs, byte[] nonce, QuoteResponse quote)Validate a TPM quote against a set of PCR and a nonce.static booleanvalidateSignature(TPMT_PUBLIC _pubKey, byte[] _dataThatWasSigned, TPMU_SIGNATURE _signature)Validate a TPM signature.
-
-
-
Method Detail
-
digestSize
public static int digestSize(TPM_ALG_ID alg)
Return the size in bytes of a hash algorithm based on the TPM algId- Parameters:
alg- The algorithm- Returns:
- the size in bytes
-
hash
public static byte[] hash(TPM_ALG_ID alg, byte[] data)
Hash data- Parameters:
alg- The hash algorithmdata- The data to hash- Returns:
- The digest value
-
hmac
public static byte[] hmac(TPM_ALG_ID alg, byte[] key, byte[] data)
hmac data- Parameters:
alg- The hash algorithmkey- The HMAC keydata- The data to hash- Returns:
- The digest value
-
validateSignature
public static boolean validateSignature(TPMT_PUBLIC _pubKey, byte[] _dataThatWasSigned, TPMU_SIGNATURE _signature)
Validate a TPM signature. Note that this function hashes dataThatWasSigned before verifying the signature.- Parameters:
_pubKey- The TPM public key_dataThatWasSigned- The data that was hashed then signed_signature- The signature returned by the TPM- Returns:
- Whether the signature was valid
-
validateQuote
public static boolean validateQuote(TPMT_PUBLIC pubKey, PCR_ReadResponse expectedPcrs, byte[] nonce, QuoteResponse quote)
Validate a TPM quote against a set of PCR and a nonce.- Parameters:
pubKey- The public key to use to validate the QuoteexpectedPcrs- PCR values expectednonce- The noncequote- The TPM generated quote- Returns:
- Whether the quote was valid
-
decodeKey
public static org.bouncycastle.jce.interfaces.ECPublicKey decodeKey(byte[] encoded) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException
-
getDigest
public static org.bouncycastle.crypto.Digest getDigest(TPM_ALG_ID alg)
Gets a Bouncy Castle Digest object that matches the TPM_ALG_ID hash algId- Parameters:
alg- The TPM hash algId- Returns:
- A new Bouncy Castle hash object
-
KDFa
public static byte[] KDFa(TPM_ALG_ID hmacHash, byte[] hmacKey, String label, byte[] contextU, byte[] contextV, int numBitsRequired)
Perform the TPM key derivation procedure KDFa- Parameters:
hmacHash- The underlying hash algorithmhmacKey- The HMAC key to use for key derivationlabel- The label value (note: the label is the zero-terminated UTC-encoded string)contextU- The first context valuecontextV- The second context valuenumBitsRequired- The number of bits to return (must be a whole number of bytes)- Returns:
- The KDFa-derived key
-
oaepEncrypt
public static byte[] oaepEncrypt(TPMS_RSA_PARMS parms, TPM2B_PUBLIC_KEY_RSA key, byte[] data, TPM_ALG_ID hashAlg, String encodingLabel)
RSA encrypt using the OAEP encoding- Parameters:
parms- The encryption parameters to usekey- The public key to usedata- The data to encrypthashAlg- The hash algorithm to use in the OAEP encodingencodingLabel- The label to use (the label will be the zero-terminated UTC-encoded string)- Returns:
- data encrypted with key
-
asymEncrypt
public static byte[] asymEncrypt(TPMT_PUBLIC _pub, byte[] data, String encodingParms)
-
getSigningHashAlg
public static TPM_ALG_ID getSigningHashAlg(TPMT_PUBLIC pub)
Extract the signing hash algorithm from various supported schemes- Parameters:
pub- The public area to examine- Returns:
- The hash algId
-
cfbEncrypt
public static byte[] cfbEncrypt(boolean _encrypt, TPM_ALG_ID _algId, byte[] _key, byte[] _iv, byte[] _x)
-
createRsaKey
public static Crypto.RsaKeyPair createRsaKey(int keySize, int exponent)
-
createECCKey
public static Crypto.ECCKeyPair createECCKey(TPM_ECC_CURVE curveId, TPM_ALG_ID alg)
-
-