Skip to content

Commit

Permalink
Merge pull request #245 from divegeek/Javacard_KeyMint_200_master
Browse files Browse the repository at this point in the history 
Rebased from Javacard key mint 200 master
  • Loading branch information
@mdwivedi
mdwivedi authored Dec 1, 2022
2 parents 1c31b18 + b4dd593 commit f79a011
Show file tree
Hide file tree
Showing 14 changed files with 674 additions and 791 deletions.
645 changes: 300 additions & 345 deletions Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
View file

Large diffs are not rendered by default.

14 changes: 1 addition & 13 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMAESKey.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,24 +21,12 @@

public class KMAESKey implements KMMasterKey {

private AESKey aesKey;
public AESKey aesKey;

public KMAESKey(AESKey key) {
aesKey = key;
}

public void setKey(byte[] keyData, short kOff) {
aesKey.setKey(keyData, kOff);
}

public byte getKey(byte[] keyData, short kOff) {
return aesKey.getKey(keyData, kOff);
}

public short getKeySizeBits() {
return aesKey.getSize();
}

public static void onSave(Element element, KMAESKey kmKey) {
element.write(kmKey.aesKey);
}
Expand Down
56 changes: 29 additions & 27 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMAndroidSEProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -427,7 +427,7 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta
short keyOutLen = n * 16;
//Convert Hmackey to AES Key as the algorithm is ALG_AES_CMAC_128.
KMHmacKey hmacKey = ((KMHmacKey) preSharedKey);
hmacKey.getKey(tmpArray, (short) 0);
hmacKey.hmacKey.getKey(tmpArray, (short) 0);
aesKeys[KEYSIZE_256_OFFSET].setKey(tmpArray, (short) 0);
//Initialize the key derivation function.
kdf.init(aesKeys[KEYSIZE_256_OFFSET], Signature.MODE_SIGN);
Expand Down Expand Up @@ -473,20 +473,20 @@ public short hmacSign(byte[] keyBuf, short keyStart, short keyLength,
@Override
public short hmacSign(Object key,
byte[] data, short dataStart, short dataLength, byte[] mac, short macStart) {
if(!(key instanceof KMHmacKey)) {
KMException.throwIt(KMError.INVALID_ARGUMENT);
}
KMHmacKey hmacKey = (KMHmacKey) key;
return hmacSign(hmacKey.getKey(), data, dataStart, dataLength, mac, macStart);
if(!(key instanceof KMHmacKey)) {
KMException.throwIt(KMError.INVALID_ARGUMENT);
}
KMHmacKey hmacKey = (KMHmacKey) key;
return hmacSign(hmacKey.hmacKey, data, dataStart, dataLength, mac, macStart);
}

@Override
public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
short dataLength, byte[] signature, short signatureStart) {
try {
KMAESKey aesKey = (KMAESKey) masterkey;
short keyLen = (short) (aesKey.getKeySizeBits() / 8);
aesKey.getKey(tmpArray, (short) 0);
short keyLen = (short) (aesKey.aesKey.getSize() / 8);
aesKey.aesKey.getKey(tmpArray, (short) 0);
return hmacSign(tmpArray, (short) 0, keyLen, data, dataStart, dataLength,
signature, signatureStart);
} finally {
Expand All @@ -498,7 +498,7 @@ public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart,
short dataLength, byte[] mac, short macStart, short macLength) {
KMHmacKey hmacKey = (KMHmacKey) key;
hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY);
hmacSignature.init(hmacKey.hmacKey, Signature.MODE_VERIFY);
return hmacSignature.verify(data, dataStart, dataLength, mac, macStart,
macLength);
}
Expand Down Expand Up @@ -602,7 +602,7 @@ public KMOperation createSymmetricCipher(short alg, short purpose, short macLeng
}
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
Key key = (Key)keyObj.getKeyObjectInstance();
Key key = (Key)keyObj.keyObjectInst;
switch (secretLength) {
case 32:
case 16:
Expand Down Expand Up @@ -634,7 +634,7 @@ public KMOperation createHmacSignerVerifier(short purpose, short digest,
}
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
HMACKey key = (HMACKey)keyObj.getKeyObjectInstance();
HMACKey key = (HMACKey)keyObj.keyObjectInst;
key.setKey(secret, secretStart, secretLength);
((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0);
return operation;
Expand All @@ -649,7 +649,7 @@ private KMOperation createHmacSignerVerifier(short purpose, short digest, HMACKe
KMType.HMAC, KMType.INVALID_VALUE, KMType.INVALID_VALUE, KMType.INVALID_VALUE, (short)0, isTrustedConf);
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
HMACKey key = (HMACKey)keyObj.getKeyObjectInstance();
HMACKey key = (HMACKey)keyObj.keyObjectInst;
short len = hmacKey.getKey(tmpArray, (short) 0);
key.setKey(tmpArray, (short) 0, len);
((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0);
Expand Down Expand Up @@ -716,8 +716,8 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, b
switch (interfaceType) {
case KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY:
KMAESKey aesKey = (KMAESKey) key;
keyLen = (short) (aesKey.getKeySizeBits() / 8);
aesKey.getKey(tmpArray, (short) 0);
keyLen = (short) (aesKey.aesKey.getSize() / 8);
aesKey.aesKey.getKey(tmpArray, (short) 0);
break;

default:
Expand All @@ -743,7 +743,7 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, b
@Override
public KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey) {
KMHmacKey key = (KMHmacKey) computedHmacKey;
return createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey(), true);
return createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.hmacKey, true);
}

public KMOperation createRsaSigner(short digest, short padding, byte[] secret,
Expand All @@ -754,7 +754,7 @@ public KMOperation createRsaSigner(short digest, short padding, byte[] secret,
KMType.INVALID_VALUE, KMType.INVALID_VALUE, secretLength, false);
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
RSAPrivateKey key = (RSAPrivateKey)((KeyPair)(keyObj.getKeyObjectInstance())).getPrivate();
RSAPrivateKey key = (RSAPrivateKey)((KeyPair)(keyObj.keyObjectInst)).getPrivate();
key.setExponent(secret, secretStart, secretLength);
key.setModulus(modBuffer, modOff, modLength);
((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0);
Expand All @@ -769,7 +769,7 @@ public KMOperation createRsaDecipher(short padding, short mgfDigest, byte[] secr
KMType.INVALID_VALUE, KMType.INVALID_VALUE, secretLength, false);
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
RSAPrivateKey key = (RSAPrivateKey) ((KeyPair)(keyObj.getKeyObjectInstance())).getPrivate();
RSAPrivateKey key = (RSAPrivateKey) ((KeyPair)(keyObj.keyObjectInst)).getPrivate();
key.setExponent(secret, secretStart, secretLength);
key.setModulus(modBuffer, modOff, modLength);
((KMOperationImpl) operation).init(key, KMType.INVALID_VALUE, null, (short) 0, (short) 0);
Expand All @@ -783,7 +783,7 @@ public KMOperation createEcSigner(short digest, byte[] secret,
.getOperationImpl(KMType.SIGN, alg, KMType.EC, KMType.INVALID_VALUE,
KMType.INVALID_VALUE, KMType.INVALID_VALUE, secretLength, false);
KMKeyObject keyObj = operation.getKeyObject();
ECPrivateKey key = (ECPrivateKey) ((KeyPair)(keyObj.getKeyObjectInstance())).getPrivate();
ECPrivateKey key = (ECPrivateKey) ((KeyPair)(keyObj.keyObjectInst)).getPrivate();
key.setS(secret, secretStart, secretLength);
((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0);
return operation;
Expand All @@ -795,7 +795,7 @@ public KMOperation createKeyAgreement(byte[] secret, short secretStart,
.getOperationImpl(KMType.AGREE_KEY, KeyAgreement.ALG_EC_SVDP_DH_PLAIN,
KMType.EC, KMType.INVALID_VALUE, KMType.INVALID_VALUE, KMType.INVALID_VALUE, (short)0, false);
KMKeyObject keyObj = operation.getKeyObject();
ECPrivateKey key = (ECPrivateKey) ((KeyPair)(keyObj.getKeyObjectInstance())).getPrivate();
ECPrivateKey key = (ECPrivateKey) ((KeyPair)(keyObj.keyObjectInst)).getPrivate();
key.setS(secret, secretStart, secretLength);
((KMOperationImpl) operation).init(key, KMType.INVALID_VALUE, null, (short) 0, (short) 0);
return operation;
Expand Down Expand Up @@ -864,7 +864,7 @@ public KMMasterKey createMasterKey(KMMasterKey masterKey, short keySizeBits) {
masterKey = new KMAESKey(key);
short keyLen = (short) (keySizeBits / 8);
getTrueRandomNumber(tmpArray, (short) 0, keyLen);
((KMAESKey)masterKey).setKey(tmpArray, (short) 0);
((KMAESKey)masterKey).aesKey.setKey(tmpArray, (short) 0);
}
return (KMMasterKey) masterKey;
} finally {
Expand All @@ -883,7 +883,7 @@ public KMPreSharedKey createPreSharedKey(KMPreSharedKey preSharedKey, byte[] key
false);
preSharedKey = new KMHmacKey(key);
}
((KMHmacKey)preSharedKey).setKey(keyData, offset, length);
((KMHmacKey)preSharedKey).hmacKey.setKey(keyData, offset, length);
return (KMPreSharedKey) preSharedKey;
}

Expand All @@ -897,7 +897,7 @@ public KMComputedHmacKey createComputedHmacKey(KMComputedHmacKey computedHmacKey
false);
computedHmacKey = new KMHmacKey(key);
}
((KMHmacKey)computedHmacKey).setKey(keyData, offset, length);
((KMHmacKey)computedHmacKey).hmacKey.setKey(keyData, offset, length);
return (KMComputedHmacKey) computedHmacKey;
}

Expand Down Expand Up @@ -933,7 +933,7 @@ public short ecSign256(KMAttestationKey ecPrivKey, byte[] inputDataBuf, short in

signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256,
Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL);
signer.init(((KMECPrivateKey) ecPrivKey).getPrivateKey(), Signature.MODE_SIGN);
signer.init(((KMECPrivateKey) ecPrivKey).ecKeyPair.getPrivate(), Signature.MODE_SIGN);
return signer.sign(inputDataBuf, inputDataStart, inputDataLength,
outputDataBuf, outputDataStart);
} finally {
Expand Down Expand Up @@ -1071,7 +1071,7 @@ public short ecSign256(KMDeviceUniqueKeyPair ecPrivKey, byte[] inputDataBuf,
try {
signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256,
Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL);
signer.init(((KMECDeviceUniqueKey) ecPrivKey).getPrivateKey(), Signature.MODE_SIGN);
signer.init(((KMECDeviceUniqueKey) ecPrivKey).ecKeyPair.getPrivate(), Signature.MODE_SIGN);
return signer.sign(inputDataBuf, inputDataStart, inputDataLength,
outputDataBuf, outputDataStart);
} finally {
Expand All @@ -1090,8 +1090,10 @@ public KMDeviceUniqueKeyPair createRkpDeviceUniqueKeyPair(KMDeviceUniqueKeyPair
poolMgr.initECKey(ecKeyPair);
key = new KMECDeviceUniqueKey(ecKeyPair);
}
((KMECDeviceUniqueKey) key).setS(privKey, privKeyOff, privKeyLen);
((KMECDeviceUniqueKey) key).setW(pubKey, pubKeyOff, pubKeyLen);
ECPrivateKey ecKeyPair = (ECPrivateKey) ((KMECDeviceUniqueKey) key).ecKeyPair.getPrivate();
ECPublicKey ecPublicKey = (ECPublicKey) ((KMECDeviceUniqueKey) key).ecKeyPair.getPublic();
ecKeyPair.setS(privKey, privKeyOff, privKeyLen);
ecPublicKey.setW(pubKey, pubKeyOff, pubKeyLen);
return (KMDeviceUniqueKeyPair) key;
}

Expand All @@ -1103,7 +1105,7 @@ public KMRkpMacKey createRkpMacKey(KMRkpMacKey rkpMacKey, byte[] keyData,
false);
rkpMacKey = new KMHmacKey(key);
}
((KMHmacKey) rkpMacKey).setKey(keyData, offset, length);
((KMHmacKey) rkpMacKey).hmacKey.setKey(keyData, offset, length);
return rkpMacKey;
}

Expand Down
22 changes: 2 additions & 20 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMECDeviceUniqueKey.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,36 +22,18 @@

public class KMECDeviceUniqueKey implements KMDeviceUniqueKeyPair {

private KeyPair ecKeyPair;
public KeyPair ecKeyPair;

@Override
public short getPublicKey(byte[] buf, short offset) {
ECPublicKey publicKey = getPublicKey();
ECPublicKey publicKey = (ECPublicKey) ecKeyPair.getPublic();
return publicKey.getW(buf, offset);
}

public KMECDeviceUniqueKey(KeyPair ecPair) {
ecKeyPair = ecPair;
}

public void setS(byte[] buffer, short offset, short length) {
ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate();
ecPriv.setS(buffer, offset, length);
}

public void setW(byte[] buffer, short offset, short length) {
ECPublicKey ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
ecPublicKey.setW(buffer, offset, length);
}

public ECPrivateKey getPrivateKey() {
return (ECPrivateKey) ecKeyPair.getPrivate();
}

public ECPublicKey getPublicKey() {
return (ECPublicKey) ecKeyPair.getPublic();
}

public static void onSave(Element element, KMECDeviceUniqueKey kmKey) {
element.write(kmKey.ecKeyPair);
}
Expand Down
16 changes: 1 addition & 15 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMECPrivateKey.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,26 +23,12 @@

public class KMECPrivateKey implements KMAttestationKey {

private KeyPair ecKeyPair;
public KeyPair ecKeyPair;

public KMECPrivateKey(KeyPair ecPair) {
ecKeyPair = ecPair;
}

public void setS(byte[] buffer, short offset, short length) {
ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate();
ecPriv.setS(buffer, offset, length);
}

public short getS(byte[] buffer, short offset) {
ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate();
return ecPriv.getS(buffer, offset);
}

public ECPrivateKey getPrivateKey() {
return (ECPrivateKey) ecKeyPair.getPrivate();
}

public static void onSave(Element element, KMECPrivateKey kmKey) {
element.write(kmKey.ecKeyPair);
}
Expand Down
8 changes: 0 additions & 8 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMException.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,14 +42,6 @@ public static void throwIt(short e) {
reason[0] = e;
throw exception;
}
/*
public static KMException instance() {
if (exception == null) {
exception = new KMException();
}
return exception;
}
*/
}


18 changes: 1 addition & 17 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMHmacKey.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,28 +21,12 @@

public class KMHmacKey implements KMPreSharedKey, KMComputedHmacKey, KMRkpMacKey {

private HMACKey hmacKey;
public HMACKey hmacKey;

public KMHmacKey(HMACKey key) {
hmacKey = key;
}

public void setKey(byte[] keyData, short kOff, short length) {
hmacKey.setKey(keyData, kOff, length);
}

public byte getKey(byte[] keyData, short kOff) {
return hmacKey.getKey(keyData, kOff);
}

public HMACKey getKey() {
return hmacKey;
}

public short getKeySizeBits() {
return hmacKey.getSize();
}

public static void onSave(Element element, KMHmacKey kmKey) {
element.write(kmKey.hmacKey);
}
Expand Down
17 changes: 2 additions & 15 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMKeyObject.java
View file
Original file line number Diff line number Diff line change
@@ -1,19 +1,6 @@
package com.android.javacard.seprovider;

public class KMKeyObject {
private byte algorithm;
private Object keyObjectInst;

public void setKeyObjectData(byte alg, Object keyObject) {
algorithm = alg;
keyObjectInst = keyObject;
}

public byte getAlgorithm() {
return this.algorithm;
}

public Object getKeyObjectInstance() {
return keyObjectInst;
}
public byte algorithm;
public Object keyObjectInst;
}
5 changes: 3 additions & 2 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMPoolManager.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -339,7 +339,8 @@ private KMKeyObject createKeyObjectInstance(byte alg) {
KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
}
KMKeyObject ptr = new KMKeyObject();
ptr.setKeyObjectData(alg, keyObject);
ptr.algorithm = alg;
ptr.keyObjectInst = keyObject;
return ptr;
}

Expand Down Expand Up @@ -529,7 +530,7 @@ public KMKeyObject getKeyObjectFromPool(short alg, short secretLength, short max
break;
}
keyObject = (KMKeyObject) keysPool[index];
if (algo == keyObject.getAlgorithm()) {
if (algo == keyObject.algorithm) {
// Check if the Object instance is not busy and free to use.
if (!isResourceBusy(keyObject, RESOURCE_TYPE_KEY)) {
break;
Expand Down
Loading

0 comments on commit f79a011

Please sign in to comment.