From c3f249b3314f7b3fa32d1412fec3e822aa940536 Mon Sep 17 00:00:00 2001 From: "avinash.hedage" Date: Thu, 30 Jun 2022 14:36:57 +0000 Subject: [PATCH] bug fixes and code clean up --- .../javacard/keymaster/KMKeymasterApplet.java | 29 ++++++++----------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index b43abdbb..bf34d19d 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -314,14 +314,11 @@ protected KMKeymasterApplet(KMSEProvider seImpl) { opTable[index] = new KMOperationState(); index++; } - KMType.initialize(); - if (!isUpgrading) { - kmDataStore.createMasterKey(MASTER_KEY_SIZE); - // initialize default values - initHmacNonceAndSeed(); - initSystemBootParams((short)0,(short)0,(short)0,(short)0); - } - rkp = new RemotelyProvisionedComponentDevice(encoder, decoder, repository, seProvider, kmDataStore); + KMType.initialize(); + if (!isUpgrading) { + kmDataStore.createMasterKey(MASTER_KEY_SIZE); + } + rkp = new RemotelyProvisionedComponentDevice(encoder, decoder, repository, seProvider, kmDataStore); } protected void initHmacNonceAndSeed(){ @@ -583,6 +580,7 @@ private boolean isKeyMintReady(byte apduIns) { case INS_COMPUTE_SHARED_HMAC_CMD: case INS_INIT_STRONGBOX_CMD: case INS_EARLY_BOOT_ENDED_CMD: + case INS_GET_RKP_HARDWARE_INFO: return true; default: break; @@ -3485,7 +3483,6 @@ private void processInitStrongBoxCmd(APDU apdu) { } public void reboot() { - kmDataStore.clearHmacNonce(); //flag to maintain early boot ended state kmDataStore.setEarlyBootEndedStatus(false); //Clear all the operation state. 
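Review bot: A freshly installed applet can now reach its first command with the HMAC nonce, seed and system boot parameters never initialized, as far as this diff shows, because the `!isUpgrading` branch keeps only `kmDataStore.createMasterKey(MASTER_KEY_SIZE)`; the `reboot()` hunk further down also stops calling `kmDataStore.clearHmacNonce()`. Neither hunk shows where the nonce is generated now, so please confirm that a fresh random nonce is produced on every boot before `INS_COMPUTE_SHARED_HMAC_CMD` can be served, since an all-zero or carried-over nonce would presumably weaken the freshness of the shared-HMAC negotiation. If the initialization moved to another path, a comment in the constructor such as `// HMAC nonce/seed and boot params are set in <handler>, not at install time` would make the dependency explicit. `initHmacNonceAndSeed()` is still declared right after the constructor; if it has no remaining caller, this clean-up should remove it. The constructor body starts above the hunk.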
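Review bot: No justification is recorded for adding `case INS_GET_RKP_HARDWARE_INFO:` to the instructions for which `isKeyMintReady` returns `true` outright, which widens what the applet will answer, presumably before provisioning or the boot handshake has completed. The handler is not part of this diff, so it is worth confirming that it returns only static, non-secret data and reads no state that the install or boot path is expected to set first, especially now that the constructor no longer sets defaults. A comment on the case, e.g. `// RKP hardware info is static and non-secret; allowed before the applet is fully provisioned`, would record the decision. The switch continues outside the hunk.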
@@ -3552,7 +3549,6 @@ private void processGenerateKey(APDU apdu) { // ROLLBACK_RESISTANCE not supported. KMTag.assertAbsence(data[KEY_PARAMETERS], KMType.BOOL_TAG,KMType.ROLLBACK_RESISTANCE, KMError.ROLLBACK_RESISTANCE_UNAVAILABLE); - // As per specification Early boot keys may be created after early boot ended. // Algorithm must be present KMTag.assertPresence(data[KEY_PARAMETERS], KMType.ENUM_TAG, KMType.ALGORITHM, KMError.INVALID_ARGUMENT); @@ -3656,13 +3652,12 @@ private short getAttestationMode(short attKeyBlob, short attChallenge) { } private KMAttestationCert generateAttestation(short attKeyBlob, short attKeyParam, byte[] scratchPad){ - // 1) If attestation key is present and attestation challenge is absent then it is an error. - // 2) If attestation key is absent and attestation challenge is present then it is an error as - // factory provisioned attestation key is not supported. - // 3) If both are present and issuer is absent or attest key purpose is not ATTEST_KEY then it is an error. - // 4) If the generated/imported keys are RSA or EC then validity period must be specified. - // Device Unique Attestation is not supported. - // Device unique attestation not supported + // 1) If attestation key is present and attestation challenge is absent then it is an error. + // 2) If attestation key is absent and attestation challenge is present then it is an error as + // factory provisioned attestation key is not supported. + // 3) If both are present and issuer is absent or attest key purpose is not ATTEST_KEY then it is an error. + // 4) If the generated/imported keys are RSA or EC then validity period must be specified. + // Device Unique Attestation is not supported. short heapStart = repository.getHeapIndex(); KMTag.assertAbsence(data[KEY_PARAMETERS], KMType.BOOL_TAG, KMType.DEVICE_UNIQUE_ATTESTATION, KMError.CANNOT_ATTEST_IDS);