Intel

Developer Zone

EpidAlg


com.intel.crypto
Class EpidAlg

java.lang.Object
  extended by com.intel.crypto.EpidAlg
All Implemented Interfaces:
Signature

public abstract class EpidAlg
extends java.lang.Object
implements Signature

This abstract class represents the Enhanced Privacy ID (EPID) signing algorithm. This class creates EPID signatures and exposes an interface for EPID provisioning. The EPID provisioning is a one-time process required to enable EPID signature generation in the firmware.

The following inherited methods are not supported by this class and will throw NotSupportedException:
  • verifyComplete


Method Summary
static EpidAlg create()
Factory method for creating a concrete instance.
abstract short getGroupId(byte[] groupId, short groupIdIndex)
Returns the EPID Group ID for this platform.
abstract short getGroupIdLength()
Returns the length of the EPID Group ID.
abstract short getProvisionDataMaxOutputLength()
Returns the maximum size of output buffer that must be allocated while calling the provisionData() method, if the response size is not known in advance.
abstract boolean isProvisioned()
Indicates whether the EPID 1.0 provisioning process was already done on this platform.
abstract short provisionData(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
A transport tunnel for passing EPID provisioning data from an external source (for example, a host software application) to the firmware.
abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex)
Signs the provided input data using the key currently stored by the instance.
abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength)
Verifies the signature on the provided input data using the key currently stored by the instance.
Methods inherited from class java.lang.Object
equals, hashCode, toString
Methods inherited from interface com.intel.crypto.Signature
getSignatureLength

Method Detail

isProvisioned

public abstract boolean isProvisioned()
Indicates whether the EPID 1.0 provisioning process was already done on this platform. If EPID public key is provisioned, this class can be used to generate EPID signatures.

Returns:
true if EPID 1.0 is provisioned, false otherwise.

provisionData

public abstract short provisionData(byte[] input,
                                    short inputIndex,
                                    short inputLength,
                                    byte[] output,
                                    short outputIndex)
A transport tunnel for passing EPID provisioning data from an external source (for example, a host software application) to the firmware. Note that this method does not perform any parsing on the input/output data, but simply passes the data as a blob to/from the internal firmware module that handles EPID provisioning. The getProvisionDataMaxOutputLength method can be used to retrieve the maximum required size of the output array.

Parameters:
input - input data
inputIndex - index in the input array
inputLength - input data length
output - an array to hold the output data
outputIndex - index in the output array
Returns:
The number of bytes returned in output array.

getProvisionDataMaxOutputLength

public abstract short getProvisionDataMaxOutputLength()
Returns the maximum size of output buffer that must be allocated while calling the provisionData() method, if the response size is not known in advance.

Returns:
The maximum response size (in bytes) for the provisionData method.

getGroupId

public abstract short getGroupId(byte[] groupId,
                                 short groupIdIndex)
Returns the EPID Group ID for this platform. The getGroupIdLength method can be used to retrieve the required size of the output array.

Parameters:
groupId - an array to hold the Group ID
groupIdIndex - index in the array
Returns:
Group ID length.

getGroupIdLength

public abstract short getGroupIdLength()
Returns the length of the EPID Group ID.

Returns:
EPID Group ID length in bytes.

signComplete

public abstract short signComplete(byte[] data,
                                   short dataIndex,
                                   short dataLength,
                                   byte[] signature,
                                   short signatureIndex)
                            throws CryptoException
Signs the provided input data using the key currently stored by the instance. Note that this method will add the caller application ID to the data being signed in the following format: IDLength (1 byte) | ID (IDLength bytes) | rest of the data to be signed.

Specified by:
signComplete in interface Signature
Parameters:
data - the input data to sign
dataIndex - index in the input array
dataLength - input data length
signature - an array to hold the output data
signatureIndex - index in the output array
Returns:
The number of bytes written into the signature array.
Throws:
NotInitializedException - if this method is called before EPID was provisioned.
IllegalParameterException - if the data provided for signing is illegal
CryptoException

verifyComplete

public abstract boolean verifyComplete(byte[] data,
                                       short dataIndex,
                                       short dataLength,
                                       byte[] signature,
                                       short signatureIndex,
                                       short signatureLength)
                                throws CryptoException
Verifies the signature on the provided input data using the key currently stored by the instance.

Specified by:
verifyComplete in interface Signature
Parameters:
data - the input data that was signed
dataIndex - index in the input array
dataLength - input data length
signature - the signature to verify
signatureIndex - index in the signature array
signatureLength - signature length
Returns:
true if the signature verified successfully, false otherwise.
Throws:
NotSupportedException - always
NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.
IllegalParameterException - if the data provided for verification is illegal
CryptoException

create

public static final EpidAlg create()
Factory method for creating a concrete instance.

Returns:
EpidAlg instance.