Merge pull request #53 from cpathak/Keymint

Bug fix for Binder issue

Author: mdwivedi

Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java

@@ -691,8 +691,6 @@ private void processGetHmacSharingParamCmd(APDU apdu) {
     short seed = KMByteBlob.instance((short) 0);
     KMHmacSharingParameters.cast(params).setNonce(nonce);
     KMHmacSharingParameters.cast(params).setSeed(seed);
-    print(KMByteBlob.cast(nonce).getBuffer(), KMByteBlob.cast(nonce).getStartOff(),
-        KMByteBlob.cast(nonce).length());
     // prepare the response
     short resp = KMArray.instance((short) 2);
     KMArray.cast(resp).add((short) 0, KMInteger.uint_16(KMError.OK));
@@ -771,9 +769,6 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     short found = 0;
     //tmpVariables[9]
     short nonce = repository.getHmacNonce();
-    print(KMByteBlob.cast(nonce).getBuffer(),
-        KMByteBlob.cast(nonce).getStartOff(),
-        KMByteBlob.cast(nonce).length());
 
     while (paramIndex < paramsLen) {
       // read HmacSharingParam
@@ -816,11 +811,6 @@ private void processComputeSharedHmacCmd(APDU apdu) {
       // Check if the nonce generated here is present in the hmacSharingParameters array.
       // Otherwise throw INVALID_ARGUMENT error.
       if (found == 1) {
-        print(repository.getHeap(),
-            (short) (concateBuffer + bufferIndex),nonceLen);
-        print(KMByteBlob.cast(nonce).getBuffer(),
-            KMByteBlob.cast(nonce).getStartOff(),
-            nonceLen);
         if (0
             == Util.arrayCompare(
             repository.getHeap(),
@@ -1347,7 +1337,7 @@ protected short getBootKey(byte[] scratchPad){
     }
     return KMByteBlob.instance(scratchPad,(short)0, VERIFIED_BOOT_KEY_SIZE);
   }
- 
+
   protected short getVerifiedBootHash(byte[] scratchPad){
     Util.arrayFillNonAtomic(scratchPad, (short)0, VERIFIED_BOOT_HASH_SIZE, (byte)0);
     short len = seProvider.getVerifiedBootHash(scratchPad,(short)0);
@@ -3042,14 +3032,14 @@ protected void setOsVersion(short version){
         KMInteger.cast(version).length());
   }
 
-  protected void setVendorPatchLevel(short patch){
+  protected void setOsPatchLevel(short patch){
     repository.setOsPatch(
         KMInteger.cast(patch).getBuffer(),
         KMInteger.cast(patch).getStartOff(),
         KMInteger.cast(patch).length());
   }
 
-  protected void setOsPatchLevel(short patch){
+  protected void setVendorPatchLevel(short patch){
     repository.setVendorPatchLevel(
         KMInteger.cast(patch).getBuffer(),
         KMInteger.cast(patch).getStartOff(),
@@ -3106,6 +3096,7 @@ private void processGenerateKey(APDU apdu) {
         KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
         break;
     }
+
     // create key blob and associated attestation.
     data[ORIGIN] = KMType.GENERATED;
     makeKeyCharacteristics(scratchPad);
@@ -3120,20 +3111,13 @@ private void processGenerateKey(APDU apdu) {
     sendOutgoing(apdu, resp);
   }
 
-  private static void print(byte[] buf, short start, short length){
-    StringBuilder sb = new StringBuilder(length * 2);
-    for(short i = start; i < (start+length); i ++){
-      sb.append(String.format("%02x", buf[i]));
-    }
-    System.out.println( sb.toString());
-  }
-
   private  void generateAttestation(byte[] scratchPad){
     KMAttestationCert cert = makeCert(scratchPad);
     if(cert == null) {// No certificate
       data[CERTIFICATE] = KMArray.instance((short)0);
       return;
     }
+
     // Allocate memory
     short certData = KMByteBlob.instance(MAX_CERT_SIZE);
     cert.buffer(KMByteBlob.cast(certData).getBuffer(),
@@ -3145,9 +3129,6 @@ private  void generateAttestation(byte[] scratchPad){
     KMByteBlob.cast(certData).setStartOff(cert.getCertStart());
     KMByteBlob.cast(certData).setLength(cert.getCertLength());
 
-    print(KMByteBlob.cast(certData).getBuffer(),
-        KMByteBlob.cast(certData).getStartOff(),
-        KMByteBlob.cast(certData).length());
     // Initialize the certificate as array of blob
     data[CERTIFICATE] = KMArray.instance((short)1);
     KMArray.cast(data[CERTIFICATE]).add((short)0, certData);

Applet/src/com/android/javacard/keymaster/KMRepository.java

@@ -59,7 +59,6 @@ public class KMRepository implements KMUpgradable {
   public static final short DEVICE_LOCK_FLAG_SIZE = 1;
 
   // Class Attributes
- // private Object[] operationStateTable;
   private byte[] heap;
   private short heapIndex;
   private byte[] dataTable;
@@ -288,48 +287,6 @@ public short getOsPatch() {
     }
   }
 
-/*
-  public void deleteAttIds() {
-    clearDataEntry(ATT_ID_BRAND);
-    clearDataEntry(ATT_ID_MEID);
-    clearDataEntry(ATT_ID_DEVICE);
-    clearDataEntry(ATT_ID_IMEI);
-    clearDataEntry(ATT_ID_MODEL);
-    clearDataEntry(ATT_ID_PRODUCT);
-    clearDataEntry(ATT_ID_SERIAL);
-    clearDataEntry(ATT_ID_MANUFACTURER);
-  }
-
-
-  public short getBootPatchLevel() {
-    short blob = readData(BOOT_PATCH_LEVEL);
-    if (blob != 0) {
-      return KMInteger.uint_32(
-          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
-    } else {
-      return KMInteger.uint_32(zero, (short) 0);
-    }
-  }
-
-  public short getVerifiedBootKey() {
-    return readData(BOOT_VERIFIED_BOOT_KEY);
-  }
-
-  public short getVerifiedBootHash() {
-    return readData(BOOT_VERIFIED_BOOT_HASH);
-  }
-
-  public boolean getBootLoaderLock() {
-    short blob = readData(BOOT_DEVICE_LOCKED_STATUS);
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0;
-  }
-
-  public byte getBootState() {
-    short blob = readData(BOOT_VERIFIED_BOOT_STATE);
-    return (getHeap())[KMByteBlob.cast(blob).getStartOff()];
-  }
-*/
-
   public boolean getDeviceLock() {
     short blob = readData(DEVICE_LOCKED);
     return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0;
@@ -401,46 +358,6 @@ public void setOsPatch(byte[] buf, short start, short len) {
     }
     writeDataEntry(BOOT_OS_PATCH, buf, start, len);
   }
-/*
-
-  public void setBootPatchLevel(byte[] buf, short start, short len) {
-    if (len != BOOT_PATCH_SIZE) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-    writeDataEntry(BOOT_PATCH_LEVEL, buf, start, len);
-  }
-
-  public void setBootloaderLocked(boolean flag) {
-    short start = alloc(DEVICE_LOCK_FLAG_SIZE);
-    if (flag) {
-      (getHeap())[start] = (byte) ((getHeap())[start] | 0x01);
-    } else {
-      (getHeap())[start] = (byte) ((getHeap())[start] & 0xFE);
-    }
-    writeDataEntry(BOOT_DEVICE_LOCKED_STATUS, getHeap(), start, DEVICE_LOCK_FLAG_SIZE);
-  }
-
-  public void setVerifiedBootKey(byte[] buf, short start, short len) {
-    if (len > BOOT_KEY_MAX_SIZE) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-    writeDataEntry(BOOT_VERIFIED_BOOT_KEY, buf, start, len);
-  }
-
-
-  public void setVerifiedBootHash(byte[] buf, short start, short len) {
-    if (len > BOOT_HASH_MAX_SIZE) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-    writeDataEntry(BOOT_VERIFIED_BOOT_HASH, buf, start, len);
-  }
-
-  public void setBootState(byte state) {
-    short start = alloc(BOOT_STATE_SIZE);
-    (getHeap())[start] = state;
-    writeDataEntry(BOOT_VERIFIED_BOOT_STATE, getHeap(), start, BOOT_STATE_SIZE);
-  }
-*/
   @Override
   public void onSave(Element ele) {
     ele.write(dataIndex);

HAL/Android.bp

@@ -22,6 +22,9 @@ cc_library {
     	"CborConverter.cpp",
         "JavacardKeyMintDevice.cpp",
         "JavacardKeyMintOperation.cpp",
+        "JavacardSecureElement.cpp",
+        "JavacardSharedSecret.cpp",
+        "keymint_utils.cpp",
     ],
     cflags:["-O0",],
     shared_libs: [
@@ -90,7 +93,6 @@ cc_binary {
     ],
     srcs: [
         "service.cpp",
-        "keymint_utils.cpp"
     ],
     required: [
 //        "RemoteProvisioner",