Remove getter setter - Merge from KeyMint300 #236

Merged
Original file line number Diff line number Diff line change
@@ -992,8 +992,8 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff,

//Get the key data from the master key
KMAESKey aesKey = (KMAESKey) masterKey;
short mKeyData = KMByteBlob.instance((short) (aesKey.getKeySizeBits() / 8));
aesKey.getKey(
short mKeyData = KMByteBlob.instance((short) (aesKey.aesKey.getSize() / 8));
aesKey.aesKey.getKey(
KMByteBlob.cast(mKeyData).getBuffer(), /* Key */
KMByteBlob.cast(mKeyData).getStartOff()); /* Key start*/
timeOffset = KMByteBlob.instance((short) 32);
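Review bot: In makeUniqueId the master key bytes are copied out of the `AESKey` into the `mKeyData` blob, and nothing visible in this hunk clears that copy afterwards. The rest of the function lies outside the hunk, so this may already be handled there. If it is not, zero the blob once the unique id has been derived, for example `Util.arrayFillNonAtomic(KMByteBlob.cast(mKeyData).getBuffer(), KMByteBlob.cast(mKeyData).getStartOff(), (short) (aesKey.aesKey.getSize() / 8), (byte) 0);`. Renaming the local `aesKey` (a `KMAESKey`) would also make the new `aesKey.aesKey.getKey(` easier to read.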
Original file line number Diff line number Diff line change
@@ -21,24 +21,12 @@

public class KMAESKey implements KMMasterKey {

private AESKey aesKey;
public AESKey aesKey;

public KMAESKey(AESKey key) {
aesKey = key;
}

public void setKey(byte[] keyData, short kOff) {
aesKey.setKey(keyData, kOff);
}

public byte getKey(byte[] keyData, short kOff) {
return aesKey.getKey(keyData, kOff);
}

public short getKeySizeBits() {
return aesKey.getSize();
}

public static void onSave(Element element, KMAESKey kmKey) {
element.write(kmKey.aesKey);
}
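Review bot: `public AESKey aesKey;` leaves the wrapped key handle reassignable from any class, although the constructor is the only assignment visible in this section. Declaring it `public final AESKey aesKey;` keeps the direct field access this change is after while preventing the reference from being swapped after construction; if every caller lives in the same package, dropping `public` would narrow it further. The same applies to `ecKeyPair` in KMECDeviceUniqueKey and KMECPrivateKey and to `hmacKey` in KMHmacKey. The class body continues past the collapsed part of this section, so confirm nothing there reassigns the field.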
Original file line number Diff line number Diff line change
@@ -427,7 +427,7 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta
short keyOutLen = n * 16;
//Convert Hmackey to AES Key as the algorithm is ALG_AES_CMAC_128.
KMHmacKey hmacKey = ((KMHmacKey) preSharedKey);
hmacKey.getKey(tmpArray, (short) 0);
hmacKey.hmacKey.getKey(tmpArray, (short) 0);
aesKeys[KEYSIZE_256_OFFSET].setKey(tmpArray, (short) 0);
//Initialize the key derivation function.
kdf.init(aesKeys[KEYSIZE_256_OFFSET], Signature.MODE_SIGN);
@@ -473,20 +473,20 @@ public short hmacSign(byte[] keyBuf, short keyStart, short keyLength,
@Override
public short hmacSign(Object key,
byte[] data, short dataStart, short dataLength, byte[] mac, short macStart) {
if(!(key instanceof KMHmacKey)) {
KMException.throwIt(KMError.INVALID_ARGUMENT);
}
KMHmacKey hmacKey = (KMHmacKey) key;
return hmacSign(hmacKey.getKey(), data, dataStart, dataLength, mac, macStart);
if(!(key instanceof KMHmacKey)) {
KMException.throwIt(KMError.INVALID_ARGUMENT);
}
KMHmacKey hmacKey = (KMHmacKey) key;
return hmacSign(hmacKey.hmacKey, data, dataStart, dataLength, mac, macStart);
}

@Override
public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
short dataLength, byte[] signature, short signatureStart) {
try {
KMAESKey aesKey = (KMAESKey) masterkey;
short keyLen = (short) (aesKey.getKeySizeBits() / 8);
aesKey.getKey(tmpArray, (short) 0);
short keyLen = (short) (aesKey.aesKey.getSize() / 8);
aesKey.aesKey.getKey(tmpArray, (short) 0);
return hmacSign(tmpArray, (short) 0, keyLen, data, dataStart, dataLength,
signature, signatureStart);
} finally {
@@ -498,7 +498,7 @@ public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart,
short dataLength, byte[] mac, short macStart, short macLength) {
KMHmacKey hmacKey = (KMHmacKey) key;
hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY);
hmacSignature.init(hmacKey.hmacKey, Signature.MODE_VERIFY);
return hmacSignature.verify(data, dataStart, dataLength, mac, macStart,
macLength);
}
@@ -602,7 +602,7 @@ public KMOperation createSymmetricCipher(short alg, short purpose, short macLeng
}
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
Key key = (Key)keyObj.getKeyObjectInstance();
Key key = (Key)keyObj.keyObjectInst;
switch (secretLength) {
case 32:
case 16:
@@ -634,7 +634,7 @@ public KMOperation createHmacSignerVerifier(short purpose, short digest,
}
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
HMACKey key = (HMACKey)keyObj.getKeyObjectInstance();
HMACKey key = (HMACKey)keyObj.keyObjectInst;
key.setKey(secret, secretStart, secretLength);
((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0);
return operation;
@@ -649,7 +649,7 @@ private KMOperation createHmacSignerVerifier(short purpose, short digest, HMACKe
KMType.HMAC, KMType.INVALID_VALUE, KMType.INVALID_VALUE, KMType.INVALID_VALUE, (short)0, isTrustedConf);
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
HMACKey key = (HMACKey)keyObj.getKeyObjectInstance();
HMACKey key = (HMACKey)keyObj.keyObjectInst;
short len = hmacKey.getKey(tmpArray, (short) 0);
key.setKey(tmpArray, (short) 0, len);
((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0);
@@ -716,8 +716,8 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, b
switch (interfaceType) {
case KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY:
KMAESKey aesKey = (KMAESKey) key;
keyLen = (short) (aesKey.getKeySizeBits() / 8);
aesKey.getKey(tmpArray, (short) 0);
keyLen = (short) (aesKey.aesKey.getSize() / 8);
aesKey.aesKey.getKey(tmpArray, (short) 0);
break;

default:
@@ -743,7 +743,7 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, b
@Override
public KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey) {
KMHmacKey key = (KMHmacKey) computedHmacKey;
return createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey(), true);
return createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.hmacKey, true);
}

public KMOperation createRsaSigner(short digest, short padding, byte[] secret,
@@ -754,7 +754,7 @@ public KMOperation createRsaSigner(short digest, short padding, byte[] secret,
KMType.INVALID_VALUE, KMType.INVALID_VALUE, secretLength, false);
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
RSAPrivateKey key = (RSAPrivateKey)((KeyPair)(keyObj.getKeyObjectInstance())).getPrivate();
RSAPrivateKey key = (RSAPrivateKey)((KeyPair)(keyObj.keyObjectInst)).getPrivate();
key.setExponent(secret, secretStart, secretLength);
key.setModulus(modBuffer, modOff, modLength);
((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0);
@@ -769,7 +769,7 @@ public KMOperation createRsaDecipher(short padding, short mgfDigest, byte[] secr
KMType.INVALID_VALUE, KMType.INVALID_VALUE, secretLength, false);
// Get the KeyObject from the operation and update the key with the secret key material.
KMKeyObject keyObj = operation.getKeyObject();
RSAPrivateKey key = (RSAPrivateKey) ((KeyPair)(keyObj.getKeyObjectInstance())).getPrivate();
RSAPrivateKey key = (RSAPrivateKey) ((KeyPair)(keyObj.keyObjectInst)).getPrivate();
key.setExponent(secret, secretStart, secretLength);
key.setModulus(modBuffer, modOff, modLength);
((KMOperationImpl) operation).init(key, KMType.INVALID_VALUE, null, (short) 0, (short) 0);
@@ -783,7 +783,7 @@ public KMOperation createEcSigner(short digest, byte[] secret,
.getOperationImpl(KMType.SIGN, alg, KMType.EC, KMType.INVALID_VALUE,
KMType.INVALID_VALUE, KMType.INVALID_VALUE, secretLength, false);
KMKeyObject keyObj = operation.getKeyObject();
ECPrivateKey key = (ECPrivateKey) ((KeyPair)(keyObj.getKeyObjectInstance())).getPrivate();
ECPrivateKey key = (ECPrivateKey) ((KeyPair)(keyObj.keyObjectInst)).getPrivate();
key.setS(secret, secretStart, secretLength);
((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0);
return operation;
@@ -795,7 +795,7 @@ public KMOperation createKeyAgreement(byte[] secret, short secretStart,
.getOperationImpl(KMType.AGREE_KEY, KeyAgreement.ALG_EC_SVDP_DH_PLAIN,
KMType.EC, KMType.INVALID_VALUE, KMType.INVALID_VALUE, KMType.INVALID_VALUE, (short)0, false);
KMKeyObject keyObj = operation.getKeyObject();
ECPrivateKey key = (ECPrivateKey) ((KeyPair)(keyObj.getKeyObjectInstance())).getPrivate();
ECPrivateKey key = (ECPrivateKey) ((KeyPair)(keyObj.keyObjectInst)).getPrivate();
key.setS(secret, secretStart, secretLength);
((KMOperationImpl) operation).init(key, KMType.INVALID_VALUE, null, (short) 0, (short) 0);
return operation;
@@ -864,7 +864,7 @@ public KMMasterKey createMasterKey(KMMasterKey masterKey, short keySizeBits) {
masterKey = new KMAESKey(key);
short keyLen = (short) (keySizeBits / 8);
getTrueRandomNumber(tmpArray, (short) 0, keyLen);
((KMAESKey)masterKey).setKey(tmpArray, (short) 0);
((KMAESKey)masterKey).aesKey.setKey(tmpArray, (short) 0);
}
return (KMMasterKey) masterKey;
} finally {
@@ -883,7 +883,7 @@ public KMPreSharedKey createPreSharedKey(KMPreSharedKey preSharedKey, byte[] key
false);
preSharedKey = new KMHmacKey(key);
}
((KMHmacKey)preSharedKey).setKey(keyData, offset, length);
((KMHmacKey)preSharedKey).hmacKey.setKey(keyData, offset, length);
return (KMPreSharedKey) preSharedKey;
}

@@ -897,7 +897,7 @@ public KMComputedHmacKey createComputedHmacKey(KMComputedHmacKey computedHmacKey
false);
computedHmacKey = new KMHmacKey(key);
}
((KMHmacKey)computedHmacKey).setKey(keyData, offset, length);
((KMHmacKey)computedHmacKey).hmacKey.setKey(keyData, offset, length);
return (KMComputedHmacKey) computedHmacKey;
}

@@ -933,7 +933,7 @@ public short ecSign256(KMAttestationKey ecPrivKey, byte[] inputDataBuf, short in

signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256,
Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL);
signer.init(((KMECPrivateKey) ecPrivKey).getPrivateKey(), Signature.MODE_SIGN);
signer.init(((KMECPrivateKey) ecPrivKey).ecKeyPair.getPrivate(), Signature.MODE_SIGN);
return signer.sign(inputDataBuf, inputDataStart, inputDataLength,
outputDataBuf, outputDataStart);
} finally {
@@ -1071,7 +1071,7 @@ public short ecSign256(KMDeviceUniqueKeyPair ecPrivKey, byte[] inputDataBuf,
try {
signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256,
Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL);
signer.init(((KMECDeviceUniqueKey) ecPrivKey).getPrivateKey(), Signature.MODE_SIGN);
signer.init(((KMECDeviceUniqueKey) ecPrivKey).ecKeyPair.getPrivate(), Signature.MODE_SIGN);
return signer.sign(inputDataBuf, inputDataStart, inputDataLength,
outputDataBuf, outputDataStart);
} finally {
@@ -1090,8 +1090,10 @@ public KMDeviceUniqueKeyPair createRkpDeviceUniqueKeyPair(KMDeviceUniqueKeyPair
poolMgr.initECKey(ecKeyPair);
key = new KMECDeviceUniqueKey(ecKeyPair);
}
((KMECDeviceUniqueKey) key).setS(privKey, privKeyOff, privKeyLen);
((KMECDeviceUniqueKey) key).setW(pubKey, pubKeyOff, pubKeyLen);
ECPrivateKey ecKeyPair = (ECPrivateKey) ((KMECDeviceUniqueKey) key).ecKeyPair.getPrivate();
ECPublicKey ecPublicKey = (ECPublicKey) ((KMECDeviceUniqueKey) key).ecKeyPair.getPublic();
ecKeyPair.setS(privKey, privKeyOff, privKeyLen);
ecPublicKey.setW(pubKey, pubKeyOff, pubKeyLen);
return (KMDeviceUniqueKeyPair) key;
}

@@ -1103,7 +1105,7 @@ public KMRkpMacKey createRkpMacKey(KMRkpMacKey rkpMacKey, byte[] keyData,
false);
rkpMacKey = new KMHmacKey(key);
}
((KMHmacKey) rkpMacKey).setKey(keyData, offset, length);
((KMHmacKey) rkpMacKey).hmacKey.setKey(keyData, offset, length);
return rkpMacKey;
}

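Review bot: In createRkpDeviceUniqueKeyPair the new local `ECPrivateKey ecKeyPair` holds the private key, not a key pair, and it reuses the name of the `KeyPair` passed to `poolMgr.initECKey(ecKeyPair)` a few lines above. Because the next statement writes the private scalar through it, a name that says what the object is would be harder to misread: `ECPrivateKey ecPrivateKey = (ECPrivateKey) ((KMECDeviceUniqueKey) key).ecKeyPair.getPrivate();` followed by `ecPrivateKey.setS(privKey, privKeyOff, privKeyLen);`. The function starts outside the hunk, so whether the earlier `ecKeyPair` is still in scope at that point cannot be seen from here.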
Original file line number Diff line number Diff line change
@@ -22,36 +22,18 @@

public class KMECDeviceUniqueKey implements KMDeviceUniqueKeyPair {

private KeyPair ecKeyPair;
public KeyPair ecKeyPair;

@Override
public short getPublicKey(byte[] buf, short offset) {
ECPublicKey publicKey = getPublicKey();
ECPublicKey publicKey = (ECPublicKey) ecKeyPair.getPublic();
return publicKey.getW(buf, offset);
}

public KMECDeviceUniqueKey(KeyPair ecPair) {
ecKeyPair = ecPair;
}

public void setS(byte[] buffer, short offset, short length) {
ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate();
ecPriv.setS(buffer, offset, length);
}

public void setW(byte[] buffer, short offset, short length) {
ECPublicKey ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
ecPublicKey.setW(buffer, offset, length);
}

public ECPrivateKey getPrivateKey() {
return (ECPrivateKey) ecKeyPair.getPrivate();
}

public ECPublicKey getPublicKey() {
return (ECPublicKey) ecKeyPair.getPublic();
}

public static void onSave(Element element, KMECDeviceUniqueKey kmKey) {
element.write(kmKey.ecKeyPair);
}
Original file line number Diff line number Diff line change
@@ -23,26 +23,12 @@

public class KMECPrivateKey implements KMAttestationKey {

private KeyPair ecKeyPair;
public KeyPair ecKeyPair;

public KMECPrivateKey(KeyPair ecPair) {
ecKeyPair = ecPair;
}

public void setS(byte[] buffer, short offset, short length) {
ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate();
ecPriv.setS(buffer, offset, length);
}

public short getS(byte[] buffer, short offset) {
ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate();
return ecPriv.getS(buffer, offset);
}

public ECPrivateKey getPrivateKey() {
return (ECPrivateKey) ecKeyPair.getPrivate();
}

public static void onSave(Element element, KMECPrivateKey kmKey) {
element.write(kmKey.ecKeyPair);
}
Original file line number Diff line number Diff line change
@@ -42,14 +42,6 @@ public static void throwIt(short e) {
reason[0] = e;
throw exception;
}
/*
public static KMException instance() {
if (exception == null) {
exception = new KMException();
}
return exception;
}
*/
}


Original file line number Diff line number Diff line change
@@ -21,28 +21,12 @@

public class KMHmacKey implements KMPreSharedKey, KMComputedHmacKey, KMRkpMacKey {

private HMACKey hmacKey;
public HMACKey hmacKey;

public KMHmacKey(HMACKey key) {
hmacKey = key;
}

public void setKey(byte[] keyData, short kOff, short length) {
hmacKey.setKey(keyData, kOff, length);
}

public byte getKey(byte[] keyData, short kOff) {
return hmacKey.getKey(keyData, kOff);
}

public HMACKey getKey() {
return hmacKey;
}

public short getKeySizeBits() {
return hmacKey.getSize();
}

public static void onSave(Element element, KMHmacKey kmKey) {
element.write(kmKey.hmacKey);
}
Original file line number Diff line number Diff line change
@@ -1,19 +1,6 @@
package com.android.javacard.seprovider;

public class KMKeyObject {
private byte algorithm;
private Object keyObjectInst;

public void setKeyObjectData(byte alg, Object keyObject) {
algorithm = alg;
keyObjectInst = keyObject;
}

public byte getAlgorithm() {
return this.algorithm;
}

public Object getKeyObjectInstance() {
return keyObjectInst;
}
public byte algorithm;
public Object keyObjectInst;
}
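Review bot: With `setKeyObjectData` removed, nothing ties `algorithm` to `keyObjectInst` any more; both fields are public and non-final, and `keyObjectInst` is an untyped `Object`. Callers elsewhere in this change cast `keyObjectInst` straight to `Key`, `HMACKey` or `KeyPair`, presumably relying on the pool lookup that compares `algorithm`, so a mismatch between the two fields would only surface as a failed cast at use. The invariant deserves a comment on the class, for example `// algorithm and keyObjectInst must be assigned together (see createKeyObjectInstance); algorithm determines the runtime type of keyObjectInst.`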
Original file line number Diff line number Diff line change
@@ -339,7 +339,8 @@ private KMKeyObject createKeyObjectInstance(byte alg) {
KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
}
KMKeyObject ptr = new KMKeyObject();
ptr.setKeyObjectData(alg, keyObject);
ptr.algorithm = alg;
ptr.keyObjectInst = keyObject;
return ptr;
}

@@ -529,7 +530,7 @@ public KMKeyObject getKeyObjectFromPool(short alg, short secretLength, short max
break;
}
keyObject = (KMKeyObject) keysPool[index];
if (algo == keyObject.getAlgorithm()) {
if (algo == keyObject.algorithm) {
// Check if the Object instance is not busy and free to use.
if (!isResourceBusy(keyObject, RESOURCE_TYPE_KEY)) {
break;