Optimization

Applet/src/com/android/javacard/keymaster/KMAsn1Parser.java

@@ -12,7 +12,13 @@ public class KMAsn1Parser {
   public static final byte ASN1_A0_TAG = (byte) 0xA0;
   public static final byte ASN1_A1_TAG = (byte) 0xA1;
   public static final byte ASN1_BIT_STRING = 0x03;
+
   public static final byte ASN1_UTF8_STRING = 0x0C;
+  public static final byte ASN1_TELETEX_STRING = 0x14;
+  public static final byte ASN1_PRINTABLE_STRING = 0x13;
+  public static final byte ASN1_UNIVERSAL_STRING = 0x1C;
+  public static final byte ASN1_BMP_STRING = 0x1E;
+
   public static final byte[] EC_CURVE = {
       0x06,0x08,0x2a,(byte)0x86,0x48,(byte)0xce,0x3d,0x03,
       0x01,0x07
@@ -58,7 +64,7 @@ public short decodeSubject(short blob) {
     header(ASN1_SET);
     header(ASN1_SEQUENCE);
     objectIdentifier(COMMON_NAME_OID);
-    return header(ASN1_UTF8_STRING);
+    return subjectHeader();
   }
 
   public short decodeEcSubjectPublicKeyInfo(short blob) {
@@ -215,6 +221,18 @@ private short header(short tag){
     return getLength();
   }
 
+  private short subjectHeader(){
+    short t = getByte();
+    if(t != ASN1_UTF8_STRING &&
+	t != ASN1_TELETEX_STRING &&
+	t != ASN1_PRINTABLE_STRING &&
+	t != ASN1_UNIVERSAL_STRING &&
+	t != ASN1_BMP_STRING) {
+          KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    return getLength();
+  }
+
   private byte getByte(){
     byte d = data[cur];
     incrementCursor((short)1);

Applet/src/com/android/javacard/keymaster/KMDecoder.java

@@ -363,10 +363,13 @@ private short decodeKeyParam(short exp) {
             obj = decode(tagClass);
             KMArray.cast(vals).add(arrPos++, obj);
             break;
-          }catch(KMException e){
-            if(KMException.reason() == KMError.INVALID_TAG &&
-            !ignoreInvalidTags){
-              KMException.throwIt(KMError.INVALID_TAG);
+          } catch(KMException e){
+            if (KMException.reason() == KMError.INVALID_TAG) {
+              if(!ignoreInvalidTags){
+                KMException.throwIt(KMError.INVALID_TAG);
+              }
+            }else {
+              KMException.throwIt(KMException.reason());
             }
             break;
           }

Applet/src/com/android/javacard/keymaster/KMEncoder.java

@@ -77,7 +77,7 @@ private void encode(short obj) {
     push(obj);
   }
 
-  // Use this function, when the max len
+  // Use this function, when the max len is given
   public short encode(short object, byte[] buffer, short startOff, short maxLength) {
     scratchBuf[STACK_PTR_OFFSET] = 0;
     bufferRef[0] = buffer;

Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java

@@ -1351,7 +1351,6 @@ private KMAttestationCert makeCommonCert(byte[] scratchPad) {
     return cert;
   }
 
-
   private KMAttestationCert makeAttestationCert(short attKeyBlob, short attKeyParam,
       short attChallenge, short issuer, byte[] scratchPad) {
     KMAttestationCert cert = makeCommonCert(scratchPad);
@@ -1382,7 +1381,12 @@ private KMAttestationCert makeAttestationCert(short attKeyBlob, short attKeyPara
       KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE);
     }
     KMAsn1Parser asn1Decoder = KMAsn1Parser.instance();
-    short length = asn1Decoder.decodeSubject(issuer);
+    short length = 0;
+    try {
+      length = asn1Decoder.decodeSubject(issuer);
+    } catch (KMException e) {
+      KMException.throwIt(KMError.INVALID_ISSUER_SUBJECT_NAME);
+    }
     if (length > KMType.MAX_SUBJECT_CN_LEN) {
       KMException.throwIt(KMError.INVALID_ISSUER_SUBJECT_NAME);
     }