Android_Keymaster_41_v1.1_release
StrongBox Release Notes
Release Date : May 5th, 2021
Release Type : Delta Release (post January 1st, 2021)
Release Version 1.1 : Android_Keymaster_41_v1.1_release
Release Branch : Master
Release Tag : JC_KM_41_V1.1
Features Added :
=> Bug fixes (primarily to handle exponent and key size boundary values).
Remove unused error codes
=> Code formatting and code/comments cleanup
=> Remove public key operations from applet which are handled in HAL
=> Added debug statements in applet
=> Extended exception handling to include generic exceptions
=> Removed the unsupported tags below and their related code from the Keymaster Applet
TRUSTED_CONFIRMATION_REQUIRED
TRUSTED_USER_PRESENCE_REQUIRED
MIN_SECONDS_BETWEEN_OPS
ALLOW_WHILE_ONBODY
BLOB_USAGE_REQUIREMENTS (Supports Only Standalone)
MAX_USES_PER_BOOT
=> Random Number Based Operation Handle
The Keymaster Applet now generates an 8-byte random number to be used as the operation handle for begin, update,
finish and abort operations.
To avoid collisions between the handles of private operations (handled by the applet) and public operations (handled directly by the HAL), the Keymaster HAL generates its own random operation handle for every operation and maps it to the handle returned by either the StrongBox Keymaster or the Soft Keymaster. The HAL maintains a table of these operation handle entries.
=> Added an algorithm inside the Keymaster Applet to convert milliseconds to a date format.
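Java Card provides no date/time library, so a conversion like the one listed above has to be written from integer arithmetic. The following is an added example, not code from the Keymaster Applet or the project, showing that arithmetic in C++ with 64-bit integers (which a Java Card applet would generally emulate with smaller types). The struct and function names, and the choice to render the result in the GeneralizedTime-style form YYYYMMDDHHMMSSZ, are assumptions of this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Broken-down UTC date and time (names are this example's own).
struct CivilDateTime {
    int64_t year;
    int month, day, hour, minute, second;
};

// Convert milliseconds since the Unix epoch (UTC) into a calendar date using only
// integer arithmetic (proleptic Gregorian calendar, days-to-civil method). Negative
// inputs are handled with floor division so dates before 1970 also come out right.
CivilDateTime fromEpochMillis(int64_t ms) {
    int64_t secs = ms / 1000;
    if (ms % 1000 < 0) --secs;                 // floor, not truncation
    int64_t days = secs / 86400;
    int64_t rem  = secs % 86400;
    if (rem < 0) { rem += 86400; --days; }

    // Shift the epoch to 0000-03-01 so leap days fall at the end of the year.
    int64_t z   = days + 719468;
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;      // 400-year cycles
    int64_t doe = z - era * 146097;                        // day of era [0, 146096]
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100); // day of year, March-based
    int64_t mp  = (5 * doy + 2) / 153;                     // month index, March = 0

    CivilDateTime out;
    out.day    = static_cast<int>(doy - (153 * mp + 2) / 5 + 1);
    out.month  = static_cast<int>(mp < 10 ? mp + 3 : mp - 9);
    out.year   = yoe + era * 400 + (out.month <= 2 ? 1 : 0);
    out.hour   = static_cast<int>(rem / 3600);
    out.minute = static_cast<int>(rem % 3600 / 60);
    out.second = static_cast<int>(rem % 60);
    return out;
}

// Render as the 15-character string YYYYMMDDHHMMSSZ (a formatting choice of this
// example; the exact format used by the applet is not stated in the release notes).
std::string toGeneralizedTime(int64_t ms) {
    CivilDateTime t = fromEpochMillis(ms);
    char buf[32];
    std::snprintf(buf, sizeof buf, "%04lld%02d%02d%02d%02d%02dZ",
                  static_cast<long long>(t.year), t.month, t.day,
                  t.hour, t.minute, t.second);
    return std::string(buf);
}

int main() {
    // 1620176523000 ms is 2021-05-05T01:02:03Z (constructed input).
    std::printf("%s\n", toGeneralizedTime(1620176523000LL).c_str());
    return 0;
}
```

The leap-day and pre-1970 cases are the ones worth checking when porting this to constrained integer types: a truncating division instead of a floor silently shifts negative timestamps by a day.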
=> C++ based adb tool to provision the Keymaster Applet.
It works over a socket interface for development purposes; SE vendors/OEMs need to adapt it to their SE HAL.
=> Extended Applet Error Code
Added more error codes in the Keymaster Applet as an extension of the existing error codes, to provide more debug information to the HAL.
Handle the extended error codes in the HAL (the extended error codes are not returned to the caller of the HAL; callers receive only the error codes defined by the Keymaster 4.1 specification).
=> Reduced the complexity of generating the derived keys that are required to encrypt the secret inside the keyblobs.
Previously: KeyDerivation = AesGCMEncrypt + HMac
Now: KeyDerivation = HMacKDF
=> Added an AP power reset signal handling function for boot parameters
Exposed functions for the SE provider to report the status to the common code
=> Verify that the applet does not receive boot parameters while the Android device is active and running. Boot parameters must only be sent once, after the Android device reboots.
=> Removed the AP boot event check in the provisioning state so that SE vendors can test the applet in their own factory by sending ROT parameters to it. ROT parameters are not accepted without an AP power reset in Active_State, but in the provisioning state they can be provisioned without this check.
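The gating described in the three items above (one boot-parameter command per AP power reset in Active_State, no check in the provisioning state) can be modelled as a small state machine. The following is an added example, not code from the applet or the project; the state and result enums, the `RotParams` fields, the distinct "already set" rejection reason and all other identifiers are assumptions of this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Applet lifecycle states. The release notes name a provisioning state and
// Active_State; the enum and every other identifier here are this example's own.
enum class AppletState { Provisioning, Active };

// Outcome of a boot-parameter (ROT) command as reported back to the HAL.
enum class BootParamResult {
    Accepted,            // parameters stored
    RejectedNoApReset,   // Active state, but no AP power reset has been signalled
    RejectedAlreadySet   // Active state, but this boot's parameters were already consumed
};

// Root-of-trust parameters delivered by the bootloader (field set is illustrative).
struct RotParams {
    std::vector<uint8_t> verifiedBootKey;
    std::vector<uint8_t> verifiedBootHash;
    uint8_t verifiedBootState;
    bool deviceLocked;
};

class BootParamGate {
public:
    explicit BootParamGate(AppletState initial) : state_(initial) {}

    // Entry point for the SE provider's AP power reset signal: the AP has just
    // rebooted, so exactly one boot-parameter command may now be accepted.
    void onApPowerReset() { apResetPending_ = true; consumedThisBoot_ = false; }

    // Lock provisioning; from here on the AP reset check applies.
    void lockProvisioning() { state_ = AppletState::Active; }

    BootParamResult setBootParams(const RotParams& params) {
        if (state_ == AppletState::Provisioning) {
            // Factory test path: no AP boot event check in the provisioning state.
            rot_ = params;
            return BootParamResult::Accepted;
        }
        if (consumedThisBoot_) return BootParamResult::RejectedAlreadySet;
        if (!apResetPending_)  return BootParamResult::RejectedNoApReset;
        apResetPending_ = false;    // the reset signal is single use
        consumedThisBoot_ = true;
        rot_ = params;
        return BootParamResult::Accepted;
    }

    const RotParams& rot() const { return rot_; }

private:
    AppletState state_;
    bool apResetPending_ = false;
    bool consumedThisBoot_ = false;
    RotParams rot_{};
};

// Walks one device lifetime through the gate and records each command's outcome
// so the sequence can be checked without inspecting the object.
std::vector<BootParamResult> runBootSequence() {
    RotParams factory{{0x01}, {0xAA}, 0, false};   // constructed sample values
    RotParams boot1{{0x02}, {0xBB}, 0, true};
    RotParams boot2{{0x03}, {0xCC}, 0, true};
    std::vector<BootParamResult> out;

    BootParamGate gate(AppletState::Provisioning);
    out.push_back(gate.setBootParams(factory));  // provisioning: accepted without reset
    gate.lockProvisioning();
    out.push_back(gate.setBootParams(boot1));    // active, no reset yet: rejected
    gate.onApPowerReset();                       // device reboots
    out.push_back(gate.setBootParams(boot1));    // first send after reboot: accepted
    out.push_back(gate.setBootParams(boot2));    // resend while running: rejected
    gate.onApPowerReset();                       // next reboot
    out.push_back(gate.setBootParams(boot2));    // accepted again, once
    return out;
}

int main() {
    for (BootParamResult r : runBootSequence()) std::printf("%d\n", static_cast<int>(r));
    return 0;
}
```

The property that matters for the HAL's extended error codes is that the two rejection reasons are distinguishable during debugging while the caller-facing behaviour stays the same: anything but a single post-reset command in Active_State is refused.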
=> Moving Key Storage to Native Java Card Objects
Store the master key, provisioning key and pre-shared key as Java Card Key objects rather than as simple byte array
data. This provides the built-in protection of the Java Card OS.
Memory optimization by reducing NVM writes
Convert all static variables to RAM variables
Move the operation state table to RAM
The HAL receives a card reset status flag from the applet. If a card reset or an applet upgrade happens, the HAL clears its operation table entries for StrongBox operations. The reset event is also handled in the provision tool.
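The HAL-side operation handle table described under "Random Number Based Operation Handle" above, together with the card-reset clean-up in the item just above, can be put into working code as follows. This is an added example, not code from the Keymaster HAL or the project; the class, enum and function names, the scripted random source and the sample handle values are assumptions of this example.

```cpp
#include <cstdint>
#include <functional>
#include <random>
#include <unordered_map>
#include <utility>
#include <vector>

// Which implementation owns the underlying operation. The names follow the release
// notes' StrongBox Keymaster and Soft Keymaster; the enum itself is this example's.
enum class Backend { StrongBox, Soft };

// One row of the HAL's table: the handle handed to the caller maps to the backend
// that runs the operation and the handle that backend returned for it.
struct OpEntry {
    Backend backend;
    uint64_t backendHandle;
};

class OperationHandleTable {
public:
    // The random source is injected so the collision path can be exercised
    // deterministically; a real HAL would use a cryptographically secure RNG.
    explicit OperationHandleTable(std::function<uint64_t()> rng) : rng_(std::move(rng)) {}

    // begin(): register the backend's operation under a fresh 8-byte handle that is
    // unique across both backends, retrying on a collision and reserving 0.
    uint64_t add(Backend backend, uint64_t backendHandle) {
        uint64_t handle;
        do {
            handle = rng_();
        } while (handle == 0 || table_.count(handle) != 0);
        table_[handle] = OpEntry{backend, backendHandle};
        return handle;
    }

    // update()/finish(): resolve the caller's handle; nullptr if unknown or stale.
    const OpEntry* lookup(uint64_t handle) const {
        auto it = table_.find(handle);
        return it == table_.end() ? nullptr : &it->second;
    }

    // finish()/abort() or an error: forget the operation.
    bool remove(uint64_t handle) { return table_.erase(handle) == 1; }

    // The applet reported a card reset or applet upgrade: its operation state is
    // gone, so every StrongBox row is dropped. Soft Keymaster rows are unaffected.
    size_t onCardReset() {
        size_t dropped = 0;
        for (auto it = table_.begin(); it != table_.end();) {
            if (it->second.backend == Backend::StrongBox) { it = table_.erase(it); ++dropped; }
            else ++it;
        }
        return dropped;
    }

    size_t size() const { return table_.size(); }

private:
    std::function<uint64_t()> rng_;
    std::unordered_map<uint64_t, OpEntry> table_;
};

// Production-style random source (assumption: std::random_device is backed by a
// proper entropy source on the host).
uint64_t randomHandle() {
    static std::random_device rd;
    return (static_cast<uint64_t>(rd()) << 32) | rd();
}

// Scripted walk-through: the second draw repeats the first (collision) and the
// fourth is 0 (reserved), so both must be skipped. All values are constructed.
struct ScenarioResult {
    uint64_t first, second, third;
    bool thirdResolves;
    size_t droppedOnReset, leftAfterReset;
    bool staleResolves;
};

ScenarioResult runScenario() {
    std::vector<uint64_t> draws = {0x1111, 0x1111, 0x2222, 0x0, 0x3333};
    size_t i = 0;
    OperationHandleTable table([&]() { return draws[i++]; });
    ScenarioResult r{};
    r.first  = table.add(Backend::StrongBox, 7);   // applet returned handle 7
    r.second = table.add(Backend::Soft, 7);        // soft keymaster also returned 7
    r.third  = table.add(Backend::StrongBox, 9);
    r.thirdResolves = table.lookup(r.third) != nullptr && table.lookup(r.third)->backendHandle == 9;
    r.droppedOnReset = table.onCardReset();        // both StrongBox rows go
    r.leftAfterReset = table.size();               // the Soft row stays
    r.staleResolves  = table.lookup(r.first) != nullptr;  // old handle must not resolve
    return r;
}
```

Two points are worth keeping when adapting this: the collision loop is what lets the two backends hand out identical handles (both returned 7 above) without the caller ever seeing an ambiguity, and the reset path must invalidate StrongBox handles rather than leave stale rows that could be resolved against a fresh applet session.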
=> Include ROT parameters in keyblob
Using ROT parameters in the process of making Keyblobs.
=> Added a few JUnit tests to capture corner scenarios such as copying the RSA modulus and private exponent into a buffer.
=> Added sample keys and certificates required for provision inside the provision tool.
=> Optimized the processing of upgrade key commands.
Code restructuring and bug fixing (previously only the OS version upgrade was handled)
=> Separated system properties from boot parameters, as system properties are not available to bootloaders. System properties are sent from the Keymaster HAL to the applet:
OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL
A new command has been added to the applet to handle the above.
=> Allow Keymaster Applet upgrades even if provisioning is not done.
=> Allow lock provisioning without ROT parameters, so that OEMs can lock provisioning before the device boots up.
=> Added logs and debug messages in HAL