Initial pull request of HAL Keymaster code #4
Merged
BKSSMVenkateswarlu (Contributor) commented on May 14, 2020
- Implementation of Javacard Keymaster HAL as a library.
- CborConverter as a utility class helps in conversion of CBOR data to hidl types and vice versa
- SocketTransport class helps in establishing a socket connection with a remote server. This remote server in turn talks to Javacard Simulator.
- OmapiTransport class is incomplete.
- TransportFactory class decides which communication channel to use based on whether the OS is running in emulator/Device.
Pull request from chirag branch
- removed command related classes and combined them into KMKeymasterApplet class
- removed context class as it is no longer needed.
- changed the random number generation logic to use aes cbc with aes 128 bit key encryption as simulator does not support aes ecb and aes 256 bit key.
- changed exception throwing to use ISOException.throwit() to use runtime environment's instance.
Optimization changes
verifyAuthorization APIs
Calling it first time before any API gets called.
…teswarlu/JavaCardKeymaster into keymaster_4_1_singleclass
…teswarlu/JavaCardKeymaster into keymaster_4_1_singleclass
…context to support public key operations in JavaCardKeymaster HAL. It is used in public key operations such as RSA encryption, signature verification, exporting public key and also used for decoding pkcs8 key for importing.
2. Fix the issue in cbor for HardwareAuthToken and VerificationToken.
…tionsTest#RsaNoPaddingShortMessage.
Keymaster 4 1 singleclass
Fixed the issues observed while running vts test case EncryptionOpera…
Added new method provision Modified importKey functionality
…teswarlu/JavaCardKeymaster into keymaster_4_1_singleclass
… in all VTS tests. Also Fixed issue of update operation while AES encryption.
2. Fixed issue in getMultiBinaryArray in CborConverter class. 3. Added new property keymaster.javacard.provisioned. Based on this property setBootParam and provisioned functions gets called. 4. Added some hard-coded values for attestation IDs inside provision function.
…ormat before sending to javacard.
…r if empty key blob is sent to begin function.
2. Comment notes
Keymaster 4 1 singleclass
mdwivedi added a commit that referenced this pull request on Jul 28, 2021
* Initial commit of JavacardKeymaster with empty functions
* Update README to add HAL design doc link
* Updated getHardwareInfo API
* Restructured keymaster from 4.0 to 4.1 implementation
* Removed unwanted files
* Corrected the year of Copyright
* Renamed 4.0 to 4.1 in service.cpp
* Added CboreConvert class
* Removed unnecessary header file
* Corrected function names in CboreConverter source file
* Removed unnecessary header file
* Remodified CborConverter class methods
* Removed Operation class
* Removed Operation.cpp file from Android.bp
* Removed dependency on deleted Operation class
* Modified CborConverter class
* Fixed initial phase of compilation errors after modifying CborConverter class
* Integrated getHmacParameters and computeHmacParameters
* Implemented getHamcSharingParameters, computeSharedHmac and verifyAuthorization APIs
* Completed conversion from hidl to cbor and cbor back to hidl types.
* Modified the ordering HmacSharingParameters and KeyCharacaterstics
* Initial implementation of transport library
* construct and decode Apdu functions added
* Integration of Apdu message with getHardwareInfo function
* Fixed compilation errors for getHardwareinfo
* Modified getItemAtPos method
* Calling transport send method in all the APIs
* Create COPYRIGHT
* Delete COPYRIGHT
* some code refactoring
* openConnection moved to Constructor
* Remove unnecessary functions and add assert statement
* Added documentation for transport classes. Removed unnecessary includes.
* Fix for ENUM_REP tags while encoding to CBOR Fixed crash issue when we receive cbor data from se.
* Import PKCS8 key using software key master and then feed as RAW format to Javacard keymaster.
* Indentation for importKey function Added UINT ULONG repetition logic in CborConverter class for KeyParameters
* Added logic for uint and ulong repetitions
* Fixed issue with parsing KeyCharacteristics. Made parsing logic common for all the APIs
* Optimized getBinaryArray method in CborConverter class.
* converted error code to negative number before converting it to ErroCode enum
* Fixed the crash issue in CborConverter class
* Error handling while import key is corrected and started changes for verification operation in begin function
* Added setBootParams method. Calling it first time before any API gets called.
* Added Operation context class
* Added java_card_soft_keymaster_context extending pure soft keymaster context to support public key operations in JavaCardKeymaster HAL. It is used in public key operations such as RSA encryption, signature verification, exporting public key and also used for decoding pkcs8 key for importing.
* Added validations in OperationContext
* Integration of OperationContext with JavacardKeymaster4Device class
* decode parse wrapped keyblob in importWrappedKey
* 1. validations for sign and encrypt for Digest::None case 2. Fix the issue in cbor for HardwareAuthToken and VerificationToken.
* Fixed the issues observed while running vts test case EncryptionOperationsTest#RsaNoPaddingShortMessage.
* Code cleanup Added new method provision Modified importKey functionality
* Fixed issue in importwrappedKey method
* Added public operation abort functionality and some fixes in cbor converter.
* Created static instance of TransportFactory so that same will be used in all VTS tests. Also Fixed issue of update operation while AES encryption.
* 1. Fixed bugs in provision API. Root key extension changed to der. 2. Fixed issue in getMultiBinaryArray in CborConverter class. 3. Added new property keymaster.javacard.provisioned. Based on this property setBootParam and provisioned functions get called. 4. Added some hard-coded values for attestation IDs inside provision function.
* Encode the parametersVerified value inside VerficationToken to asn1 format before sending to javacard.
* Fixed issue of empty public key in EC key extract. Also returned error if empty key blob is sent to begin function.
* Fixed the issue while parsing the Keyparameters from cbor
* Added Digest, Padding, Keysize in Param list in provision API
* 1. Fix for TOO_MANY_OPERATIONS 2. Comment notes
* javacard keymaster as service with name 'javacard'
* Javacard applet requires subject, authority key identifier and expiry time of the root certificate in provision API.
* Fixed crash in computeSharedHmac
* Javacard applet requires subject, authority key identifier and expiry time of the root certificate in provision API.
* Fixed crash in computeSharedHmac
* Made some temporary fixes to make emulator launch without crashing. SoftKeymaster is used for getHmacSharingParams, computeHmac and getHardwareInfo APIs
* Fixed the issue in provision API Renamed a local function. RSA sign length fix - VTS
* VTS Bug fixes
* 1. Code cleanup.
* Enabled getHmac and computeHmac functions for VTS test, based on condition
* Code Indentation
* For AES GCM Decryption operation hold last 16 bytes of data in update operation and send that in finish operation. In begin operation call getKeyCharacteristics to validate the keyblob and also to get keyCharacteristics.
* 1. Sending masterkey in provision command. 2. Fixed the issue in buffer logic.
* For verifyAuthorizations API, StrongBox implementations must return ErrorCode::UNIMPLEMENTED.
* JCOP Provider Implementation
* In update operation, the inputConsumed len is equal to input length
* Added code for ECDSA No Digest Fixed few bugs relating to Hmac operation, abort operation Modified the KMKeymasterApplet code to send back the inputConsumed length equal to input length.
* Added no digest ecdsa file
* Removed commented code and indentation
* 1. Removed native code for random number generation and used RandomData instead. 2. Fill tmpArray to zeros after use. 3. Code indentation, Remove unused code.
* Support for RSA-OAEP encoding scheme
* 1. Renamed JCOP Provider to SGTMProvider 2. Added Backup and restore functionality.
* Renamed SGTMProvider to AndroidSEProvider
* provisioning changes
* Fixed issues while provisioning
* 1. Provision certificate chain without using extra RAM. 2. Made changes to support only EC signing key instead of RSA key. 3. Clear HMAC nonce and generate it in setBootParams.
* Provision functionality split into 6 separate functions
* Active state should not allow provision commands
* Incorporated first level review comments in KMKeymasterApplet class 1. Renamed the state names and provision status names of the Applet. 2. Moved the validation logic of cert chain to decoder. 3. Replace nest if else with switch.
* Changed the instruction command values for provision cmds
* Add Begin/End STATE, rm old B&R & mv handle statem
* 1. AES CCM to AES GCM while deriving the key. 2. Updated the comments. 3. Modified the Instruction command values.
* Modified Applet state machine
* 1. Rearranged the Instruction set. 2. Renamed setDeviceBooted to clearDeviceBooted. 3. Removed UINSTALLED_STATE, INACTIVE_STATE.
* 1. Modified certChain command.
* Update KMKeymasterApplet.java Added real numbers for reference (to be referred in design doc too)
* Removed BackupRestoreApplet
* Removed OracleSimProvider
* Removed unused function getNumberOfCerts from SEProvider
* Moved all time related functions under Provider implementation with class KMUtils
* Removed Backuprestore classes from AndroidSEProvider
* 1. add sendError OK inside addRngEntropy which is missing 2. Removed commented code 3. Removed TODO code which is already handled. 4. Added Extended errors inside KMError to map ISOExceptions to KMErrors.
* Support for Amendment H
* made provision to send long bytes in getCertificateChain
* Removed KMKeymasterStore.java file
* Added vendorPatchLevel and BootPatchLevel to SetBootParams Included vendorPatchLevel and bootPatchLevel in KeyCharateristics. Added check for vendorPatchLevel and bootPatchLevel in upgradeKeyCmd

Co-authored-by: bvenkateswarlu <[email protected]>
Co-authored-by: BKSSM Venkateswarlu <[email protected]>
Co-authored-by: Shawn Willden <[email protected]>
Co-authored-by: Prashant Patil <[email protected]>
Co-authored-by: Shawn Willden <[email protected]>
Co-authored-by: Manish Dwivedi <[email protected]>
Co-authored-by: mdwivedi <[email protected]>
subrahmanyaman referenced this pull request in subrahmanyaman/JavaCardKeymaster on Aug 26, 2021
Move unsigned compare
mdwivedi pushed a commit that referenced this pull request on Dec 2, 2021
…_to_static_final Applet version upgrade move to static final