Added Comments

Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java

@@ -20,5 +20,7 @@ public class KMConfigurations {
   public static final byte LITTLE_ENDIAN = 0x00;
   public static final byte BIG_ENDIAN = 0x01;
   public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN;
+  // If the size of the attestation ids is known and lesser than 64
+  // then reduce the size here. It reduces the heap memory usage.
   public static final byte MAX_ATTESTATION_IDS_SIZE = 64;
 }

Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java

@@ -20,5 +20,7 @@ public class KMConfigurations {
   public static final byte LITTLE_ENDIAN = 0x00;
   public static final byte BIG_ENDIAN = 0x01;
   public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN;
+  // If the size of the attestation ids is known and lesser than 64
+  // then reduce the size here. It reduces the heap memory usage.
   public static final byte MAX_ATTESTATION_IDS_SIZE = 64;
 }

Applet/src/com/android/javacard/keymaster/KMEncoder.java

@@ -77,8 +77,19 @@ private void encode(short obj) {
     push(obj);
   }
 
-  // Use this function, when the max len is given
-  public short encode(short object, byte[] buffer, short startOff, short bufLen, short encoderOutLimitLen) {
+  /**
+   * This functions encodes the given object into the provider buffer space
+   * in cbor format.
+   *
+   * @param object Object to be encoded into cbor data.
+   * @param buffer Output where cbor data is copied.
+   * @param startOff is the start offset of the buffer.
+   * @param bufLen length of the buffer
+   * @param encoderOutLimitLen excepted encoded output length.
+   * @return length of the encoded buffer.
+   */
+  public short encode(short object, byte[] buffer, short startOff, short bufLen,
+      short encoderOutLimitLen) {
     scratchBuf[STACK_PTR_OFFSET] = 0;
     bufferRef[0] = buffer;
     scratchBuf[START_OFFSET] = startOff;

Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java

@@ -1072,10 +1072,12 @@ private void processUpgradeKeyCmd(APDU apdu) {
       upgradeKeyBlobKeyCharacteristics(data[HW_PARAMETERS], scratchPad);
       // create new key blob with current os version etc.
       createEncryptedKeyBlob(scratchPad);
-      // allocate reclaimable memory.
-      short buffer = repository.alloc(MAX_KEYBLOB_SIZE);
-      data[KEY_BLOB] = encoder.encode(data[KEY_BLOB], repository.getHeap(), buffer, repository.getHeapReclaimIndex());
-      data[KEY_BLOB] = KMByteBlob.instance(repository.getHeap(), buffer, data[KEY_BLOB]);
+      short prevReclaimIndex = repository.getHeapReclaimIndex();
+      short offset = repository.allocReclaimableMemory(MAX_KEYBLOB_SIZE);
+      data[KEY_BLOB] = encoder.encode(data[KEY_BLOB], repository.getHeap(), offset,
+          prevReclaimIndex, MAX_KEYBLOB_SIZE);
+      data[KEY_BLOB] = KMByteBlob.instance(repository.getHeap(), offset, data[KEY_BLOB]);
+      repository.reclaimMemory(MAX_KEYBLOB_SIZE);
     } else {
       data[KEY_BLOB] = KMByteBlob.instance((short) 0);
     }
@@ -4194,10 +4196,12 @@ public static void generateRkpKey(byte[] scratchPad, short keyParams) {
     data[ORIGIN] = KMType.GENERATED;
     makeKeyCharacteristics(scratchPad);
     createEncryptedKeyBlob(scratchPad);
-    // allocate reclaimable memory.
-    short buffer = repository.alloc((short) 1024);
-    short keyBlob = encoder.encode(data[KEY_BLOB], repository.getHeap(), buffer, repository.getHeapReclaimIndex());
-    data[KEY_BLOB] = KMByteBlob.instance(repository.getHeap(), buffer, keyBlob);
+    short prevReclaimIndex = repository.getHeapReclaimIndex();
+    short offset = repository.allocReclaimableMemory(MAX_KEYBLOB_SIZE);
+    data[KEY_BLOB] = encoder.encode(data[KEY_BLOB], repository.getHeap(), offset,
+        prevReclaimIndex, MAX_KEYBLOB_SIZE);
+    data[KEY_BLOB] = KMByteBlob.instance(repository.getHeap(), offset, data[KEY_BLOB]);
+    repository.reclaimMemory(MAX_KEYBLOB_SIZE);
   }
   public static short getPubKey() {
     return data[PUB_KEY];