EpidAlg

com.intel.crypto

Class EpidAlg

  • java.lang.Object
    • com.intel.crypto.EpidAlg
  • All Implemented Interfaces:
    Signature
    Direct Known Subclasses:
    EpidAlgEx


    public abstract class EpidAlg
    extends java.lang.Object
    implements Signature

    This abstract class represents the Enhanced Privacy ID (EPID) signing algorithm. It creates EPID signatures and exposes an interface for EPID provisioning. EPID provisioning is a one-time process required to enable EPID signature generation in the firmware.

    The following inherited methods are not supported by this class and will throw NotSupportedException:
    • verifyComplete
    • Method Summary

      Methods
      Modifier and Type Method and Description
      static EpidAlg create()
      Factory method for creating a concrete instance.
      abstract short getGroupId(byte[] groupId, short groupIdIndex)
      Returns the EPID Group ID for this platform.
      abstract short getGroupIdLength()
      Returns the length of the EPID Group ID.
      abstract short getProvisionDataMaxOutputLength()
      Returns the maximum size of the output buffer that must be allocated when calling the provisionData() method, if the response size is not known in advance.
      abstract boolean isProvisioned()
      Indicates whether the EPID 1.0 provisioning process was already done on this platform.
      abstract short provisionData(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
      A transport tunnel for passing EPID provisioning data from an external source (for example, a host software application) to the firmware.
      abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex)
      Signs the provided input data using the key currently stored by the instance.
      abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength)
      Verifies the signature on the provided input data using the key currently stored by the instance.
      • Methods inherited from class java.lang.Object

        equals, hashCode, toString
    • Method Detail

      • isProvisioned

        public abstract boolean isProvisioned()
        Indicates whether the EPID 1.0 provisioning process was already done on this platform. If the EPID public key is provisioned, this class can be used to generate EPID signatures.
        Returns:
        true if EPID 1.0 is provisioned, false otherwise.
      • provisionData

        public abstract short provisionData(byte[] input,
                          short inputIndex,
                          short inputLength,
                          byte[] output,
                          short outputIndex)
        A transport tunnel for passing EPID provisioning data from an external source (for example, a host software application) to the firmware. Note that this method does not perform any parsing on the input/output data, but simply passes the data as a blob to/from the internal firmware module that handles EPID provisioning. The getProvisionDataMaxOutputLength method can be used to retrieve the maximum required size of the output array.
        Parameters:
        input - input data
        inputIndex - index in the input array
        inputLength - input data length
        output - an array to hold the output data
        outputIndex - index in the output array
        Returns:
        The number of bytes returned in the output array.
      • getProvisionDataMaxOutputLength

        public abstract short getProvisionDataMaxOutputLength()
        Returns the maximum size of the output buffer that must be allocated when calling the provisionData() method, if the response size is not known in advance.
        Returns:
        The maximum response size (in bytes) for the provisionData method.
      • getGroupId

        public abstract short getGroupId(byte[] groupId,
                       short groupIdIndex)
        Returns the EPID Group ID for this platform. The getGroupIdLength method can be used to retrieve the required size of the output array.
        Parameters:
        groupId - an array to hold the Group ID
        groupIdIndex - index in the array
        Returns:
        Group ID length.
      • getGroupIdLength

        public abstract short getGroupIdLength()
        Returns the length of the EPID Group ID.
        Returns:
        EPID Group ID length in bytes.
      • signComplete

        public abstract short signComplete(byte[] data,
                         short dataIndex,
                         short dataLength,
                         byte[] signature,
                         short signatureIndex)
                                    throws CryptoException
        Signs the provided input data using the key currently stored by the instance. Note that this method will add the caller application ID to the data being signed in the following format: IDLength (1 byte) | ID (IDLength bytes) | rest of the data to be signed.
        Specified by:
        signComplete in interface Signature
        Parameters:
        data - the input data to sign
        dataIndex - index in the input array
        dataLength - input data length
        signature - an array to hold the output data
        signatureIndex - index in the output array
        Returns:
        The number of bytes written into the signature array.
        Throws:
        NotInitializedException - if this method is called before EPID 1.0 was provisioned.
        IllegalParameterException - if the data provided for signing is illegal
        CryptoException - if some unexpected error has occurred
      • verifyComplete

        public abstract boolean verifyComplete(byte[] data,
                             short dataIndex,
                             short dataLength,
                             byte[] signature,
                             short signatureIndex,
                             short signatureLength)
                                        throws CryptoException
        Verifies the signature on the provided input data using the key currently stored by the instance. This inherited method is not supported by EpidAlg and always throws NotSupportedException.
        Specified by:
        verifyComplete in interface Signature
        Parameters:
        data - the input data that was signed
        dataIndex - index in the input array
        dataLength - input data length
        signature - the signature to verify
        signatureIndex - index in the signature array
        signatureLength - signature length
        Returns:
        true if the signature verified successfully, false otherwise.
        Throws:
        NotSupportedException - always
        NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.
        IllegalParameterException - if the data provided for verification is illegal
        CryptoException - if some unexpected error has occurred
      • create

        public static final EpidAlg create()
        Factory method for creating a concrete instance.
        Returns:
        EpidAlg instance.
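
Because signComplete prepends the caller application ID (IDLength | ID | data) before signing, a party that verifies the signature outside this class (verifyComplete is not supported here) has to rebuild that exact byte string and should confirm which applet the signature is bound to. The following is an added example, not Intel code: the class and method names are hypothetical, and the 16-byte ID and the payload are constructed sample values.

```java
import java.util.Arrays;

// Added example (not part of the Intel API). Names are hypothetical.
public final class EpidSignedMessage {
    private EpidSignedMessage() {}

    /** Rebuilds the bytes covered by the signature: IDLength | ID | data. */
    public static byte[] build(byte[] appletId, byte[] data) {
        if (appletId.length > 0xFF) {
            throw new IllegalArgumentException("ID does not fit a 1-byte length");
        }
        byte[] msg = new byte[1 + appletId.length + data.length];
        msg[0] = (byte) appletId.length;
        System.arraycopy(appletId, 0, msg, 1, appletId.length);
        System.arraycopy(data, 0, msg, 1 + appletId.length, data.length);
        return msg;
    }

    /** Returns the ID carried in a signed message, rejecting truncated input. */
    public static byte[] extractId(byte[] msg) {
        if (msg.length < 1) {
            throw new IllegalArgumentException("empty message");
        }
        int idLen = msg[0] & 0xFF; // Java bytes are signed; mask to get 0..255
        if (msg.length < 1 + idLen) {
            throw new IllegalArgumentException("message shorter than declared ID");
        }
        return Arrays.copyOfRange(msg, 1, 1 + idLen);
    }

    /** True only if the message was signed on behalf of the expected applet. */
    public static boolean isFromApplet(byte[] msg, byte[] expectedId) {
        return Arrays.equals(extractId(msg), expectedId);
    }

    public static void main(String[] args) {
        byte[] id = new byte[16];                 // constructed sample ID
        for (int i = 0; i < id.length; i++) id[i] = (byte) (0xA0 + i);
        byte[] nonce = {1, 2, 3, 4};              // constructed sample payload
        byte[] msg = build(id, nonce);            // bytes to hand to the verifier
        byte[] other = id.clone();
        other[0] ^= 1;                            // a different applet's ID
        System.out.println("signed length: " + msg.length);
        System.out.println("expected applet: " + isFromApplet(msg, id));
        System.out.println("other applet:    " + isFromApplet(msg, other));
    }
}
```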