Merge pull request #111 from subrahmanyaman/import_key_changes

Import key changes
divegeek · Apr 13, 2022 · b0061fc · b0061fc
2 parents 99b0869 + 2e36786
commit b0061fc
Show file tree

Hide file tree

Showing 7 changed files with 306 additions and 235 deletions.
diff --git a/Applet/src/com/android/javacard/keymaster/KMBignumTag.java b/Applet/src/com/android/javacard/keymaster/KMBignumTag.java
@@ -30,11 +30,6 @@ public class KMBignumTag extends KMTag {
 
   private static KMBignumTag prototype;
 
-  // The allowed tag keys of type bool tag
-  private static final short[] tags = {
-      CERTIFICATE_SERIAL_NUM,
-  };
-
   private KMBignumTag() {
   }
 
@@ -56,15 +51,8 @@ public static short exp() {
     return ptr;
   }
 
-  public static short instance(short key) {
-    if (!validateKey(key)) {
-      ISOException.throwIt(ISO7816.SW_DATA_INVALID);
-    }
-    return instance(key, KMByteBlob.exp());
-  }
-
   public static short instance(short key, short byteBlob) {
-    if (!validateKey(key)) {
+    if (!validateKey(key, byteBlob)) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
     if (heap[byteBlob] != BYTE_BLOB_TYPE) {
@@ -104,13 +92,17 @@ public short length() {
     return KMByteBlob.cast(blobPtr).length();
   }
 
-  private static boolean validateKey(short key) {
-    short index = (short) tags.length;
-    while (--index >= 0) {
-      if (tags[index] == key) {
-        return true;
-      }
+  private static boolean validateKey(short key, short byteBlob) {
+    short valueLen = KMByteBlob.cast(byteBlob).length();
+    switch (key) {
+      case CERTIFICATE_SERIAL_NUM:
+        if (valueLen > MAX_CERTIFICATE_SERIAL_SIZE) {
+          return false;
+        }
+        break;
+      default:
+        return false;
     }
-    return false;
+    return true;
   }
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteTag.java b/Applet/src/com/android/javacard/keymaster/KMByteTag.java
@@ -30,34 +30,6 @@ public class KMByteTag extends KMTag {
 
   private static KMByteTag prototype;
 
-  // MAX ApplicationID or Application Data size
-  public static final short MAX_APP_ID_APP_DATA_SIZE = 64;
-
-  // The allowed tag keys of type bool tag
-  private static final short[] tags = {
-      APPLICATION_ID,
-      APPLICATION_DATA,
-      ROOT_OF_TRUST,
-      UNIQUE_ID,
-      ATTESTATION_CHALLENGE,
-      ATTESTATION_APPLICATION_ID,
-      ATTESTATION_ID_BRAND,
-      ATTESTATION_ID_DEVICE,
-      ATTESTATION_ID_PRODUCT,
-      ATTESTATION_ID_SERIAL,
-      ATTESTATION_ID_IMEI,
-      ATTESTATION_ID_MEID,
-      ATTESTATION_ID_MANUFACTURER,
-      ATTESTATION_ID_MODEL,
-      ASSOCIATED_DATA,
-      NONCE,
-      CONFIRMATION_TOKEN,
-      VERIFIED_BOOT_KEY,
-      VERIFIED_BOOT_HASH,
-      CERTIFICATE_SERIAL_NUM,
-      CERTIFICATE_SUBJECT_NAME,
-  };
-
   private KMByteTag() {
   }
 
@@ -104,36 +76,60 @@ public static KMByteTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap,
+        (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
     return KMType.BYTES_TAG;
   }
 
   public short getValue() {
-    return Util.getShort(heap, (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap,
+        (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
-    short blobPtr = Util.getShort(heap, (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
+    short blobPtr = Util.getShort(heap,
+        (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
     return KMByteBlob.cast(blobPtr).length();
   }
 
-  private static boolean validateKey(short key, short keyBlob) {
-	boolean result = false;  
-    short index = (short) tags.length;
-    while (--index >= 0) {
-      if (tags[index] == key) {
-    	result = true;
-    	if(key == APPLICATION_ID || key == APPLICATION_DATA) {
-          if (KMByteBlob.cast(keyBlob).length() > MAX_APP_ID_APP_DATA_SIZE) {
-    		result = false;
-    	  } 
-    	}
-    	break;
-      }
+  private static boolean validateKey(short key, short byteBlob) {
+    short valueLen = KMByteBlob.cast(byteBlob).length();
+    switch (key) {
+      case ROOT_OF_TRUST:
+      case UNIQUE_ID:
+      case ATTESTATION_APPLICATION_ID:
+      case ATTESTATION_ID_BRAND:
+      case ATTESTATION_ID_DEVICE:
+      case ATTESTATION_ID_PRODUCT:
+      case ATTESTATION_ID_SERIAL:
+      case ATTESTATION_ID_IMEI:
+      case ATTESTATION_ID_MEID:
+      case ATTESTATION_ID_MANUFACTURER:
+      case ATTESTATION_ID_MODEL:
+      case ASSOCIATED_DATA:
+      case NONCE:
+      case CONFIRMATION_TOKEN:
+      case VERIFIED_BOOT_KEY:
+      case VERIFIED_BOOT_HASH:
+      case CERTIFICATE_SUBJECT_NAME:
+        break;
+      case APPLICATION_ID:
+      case APPLICATION_DATA:
+        if (valueLen > MAX_APP_ID_APP_DATA_SIZE) {
+          return false;
+        }
+        break;
+      case ATTESTATION_CHALLENGE:
+        if (valueLen > MAX_ATTESTATION_CHALLENGE_SIZE) {
+          return false;
+        }
+        break;
+      default:
+        return false;
     }
-    return result;
+    return true;
   }
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -82,8 +82,8 @@ public short encode(short object, byte[] buffer, short startOff) {
     bufferRef[0] = buffer;
     scratchBuf[START_OFFSET] = startOff;
     short len = (short) (buffer.length - startOff);
-    if ((len < 0) || len > KMKeymasterApplet.MAX_LENGTH) {
-      scratchBuf[LEN_OFFSET] = KMKeymasterApplet.MAX_LENGTH;
+    if ((len < 0) || len > KMRepository.HEAP_SIZE) {
+      scratchBuf[LEN_OFFSET] = KMRepository.HEAP_SIZE;
     } else {
       scratchBuf[LEN_OFFSET] = (short) buffer.length;
     }
@@ -386,7 +386,7 @@ private void encodeIntegerTag(short obj) {
 
   private void encodeBignumTag(short obj) {
     writeTag(KMBignumTag.getTagType(obj), KMBignumTag.getKey(obj));
-    encode(KMBignumTag.getValue(obj));
+    encode(KMBignumTag.cast(obj).getValue());
   }
 
   private void encodeBytesTag(short obj) {

diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java
@@ -45,6 +45,7 @@ public class KMError {
 
   public static final short KEY_USER_NOT_AUTHENTICATED = 26;
   public static final short INVALID_OPERATION_HANDLE = 28;
+  public static final short INSUFFICIENT_BUFFER_SPACE = 29;
   public static final short VERIFICATION_FAILED = 30;
   public static final short TOO_MANY_OPERATIONS = 31;
   public static final short INVALID_KEY_BLOB = 33;