Merged
26 commits
fa957d0
Added provision_tool source
Dec 8, 2020
e6672fd
1. Used libjsoncpp for parsing json file
Dec 9, 2020
8ee0fb4
Merge branch 'master' into provision_support
Jan 11, 2021
a25e9c0
updated provisioning tool
Jan 14, 2021
7e65c62
Merge branch 'master' into provision_support
Jan 23, 2021
bca5999
make provision as separate library
Jan 25, 2021
2134a5e
Removed sample_json.txt
Jan 25, 2021
dc379c7
Added uninit function
Jan 25, 2021
697a040
modified the function to init and uninit
Jan 26, 2021
6dcb7ce
1. Renamed the certiicate and key file names in sample_json.txt
Jan 27, 2021
8f6e409
Store master key as Key object rather than as a byte array
Jan 29, 2021
3a13691
Merge branch 'master' into provision_support
Jan 31, 2021
d32c0c0
updated the sample_json.txt to use 3 certificates instead of 2
Jan 31, 2021
ee9ddb3
Removed the changes relating to storing master key as Key object
Feb 1, 2021
9064376
Merge branch 'master' into provision_support
Feb 1, 2021
4c9794e
Added log statements
Feb 2, 2021
e51ab8a
1. Corrected the convertToDate algorithm to generate correct time and
Feb 2, 2021
9d608aa
Merge branch 'master' into provision_support
Feb 2, 2021
5d3413e
Update README.md
BKSSMVenkateswarlu Feb 2, 2021
4fed428
Update README.md
BKSSMVenkateswarlu Feb 2, 2021
f8ae39f
Update README.md
BKSSMVenkateswarlu Feb 2, 2021
be8e975
Update README.md
BKSSMVenkateswarlu Feb 2, 2021
7899e3b
Update README.md
BKSSMVenkateswarlu Feb 2, 2021
91cc7fb
Update README.md
BKSSMVenkateswarlu Feb 2, 2021
8d32e80
Update README.md
BKSSMVenkateswarlu Feb 2, 2021
66d366a
Corrected the tag EARLY_BOOT_ENDED to EARLY_BOOT_ONLY
Feb 3, 2021
Expand Up @@ -105,7 +105,7 @@ public class KMAndroidSEProvider implements KMSEProvider {
public static final byte KEYSIZE_128_OFFSET = 0x00;
public static final byte KEYSIZE_256_OFFSET = 0x01;
public static final short TMP_ARRAY_SIZE = 256;
public static final short CERT_CHAIN_MAX_SIZE = 2050;//First 2 bytes for length.
public static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length.

final byte[] CIPHER_ALGS = {
Cipher.ALG_AES_BLOCK_128_CBC_NOPAD,
Expand Down Expand Up @@ -1143,7 +1143,7 @@ public void persistPartialCertificateChain(byte[] buf, short offset, short len,
// Next single byte holds the array header.
// Next 3 bytes holds the Byte array header with the cert1 length.
// Next 3 bytes holds the Byte array header with the cert2 length.
if (totalLen > CERT_CHAIN_MAX_SIZE) {
if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) {
KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
}
short persistedLen = Util.getShort(certificateChain, (short) 0);
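Review bot: The new bound `totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)` in persistPartialCertificateChain limits only the declared total, while the line after it reads `persistedLen` back from the buffer; the hunk does not show whether `persistedLen + len` is held to the same limit before the copy, so that should be confirmed in the rest of the method, which continues outside the hunk. The literal `2` is the length prefix named in the constant's comment, and a comment above the check such as `// the 2-byte length prefix is not available for certificate data` would make that explicit. The same constant and check are duplicated in the KMJCardSimulator section later on this page, so the two copies can drift apart; this note applies there as well.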
172 changes: 139 additions & 33 deletions Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java
Expand Up @@ -14,23 +14,36 @@ public class KMUtils {
0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00 }; // 86400000 msec
public static final byte[] oneMonthMsec = {
0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec
public static final byte[] oneYearMsec = {
0, 0, 0, 0x07, 0x58, (byte) 0xF0, (byte) 0xDF, (byte) 0xC0 }; // 31556952000 msec
// Leap year + 3 yrs
public static final byte[] leapYearMsec = {
0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000;
public static final byte[] yearMsec = {
0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000
//Leap year(366) + 3 * 365
public static final byte[] fourYrsMsec = {
0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec
0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000
public static final byte[] firstJan2020 = {
0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec
0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec
public static final byte[] firstJan2051 = {
0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000
// msec
public static final byte[] febMonthLeapMSec = {
0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00 }; //2505600000
public static final byte[] febMonthMsec = {
0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00 }; //2419200000
public static final byte[] ThirtyOneDaysMonthMsec = {
0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00 };//2678400000
public static final byte[] ThirtDaysMonthMsec = {
0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00 };//2592000000
public static final short year2051 = 2051;
public static final short year2020 = 2020;

// --------------------------------------
public static short convertToDate(short time, byte[] scratchPad,
boolean utcFlag) {

short yrsCount = 0;
short monthCount = 1;
short dayCount = 0;
short dayCount = 1;
short hhCount = 0;
short mmCount = 0;
short ssCount = 0;
Expand All @@ -42,17 +55,17 @@ public static short convertToDate(short time, byte[] scratchPad,
(short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time)
.length());
// If the time is less then 1 Jan 2020 then it is an error
if (Util.arrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0,
if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0,
(short) 8) < 0) {
KMException.throwIt(KMError.INVALID_ARGUMENT);
}
if (utcFlag
&& Util.arrayCompare(scratchPad, (short) 0, firstJan2051,
&& unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051,
(short) 0, (short) 8) >= 0) {
KMException.throwIt(KMError.INVALID_ARGUMENT);
}

if (Util.arrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0,
if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0,
(short) 8) < 0) {
Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8,
(short) 8);
Expand All @@ -68,7 +81,7 @@ public static short convertToDate(short time, byte[] scratchPad,
(short) 8);
}
// divide the given time with four yrs msec count
if (Util.arrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0,
if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0,
(short) 8) >= 0) {
Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8,
(short) 8);
Expand All @@ -81,44 +94,97 @@ public static short convertToDate(short time, byte[] scratchPad,
Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0,
(short) 8);
}
// divide the given time with one yr msec count
if (Util.arrayCompare(scratchPad, (short) 0, oneYearMsec, (short) 0,
(short) 8) >= 0) {
Util.arrayCopyNonAtomic(oneYearMsec, (short) 0, scratchPad, (short) 8,
(short) 8);
yrsCount += divide(scratchPad, (short) 0, (short) 8, (short) 16);
Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0,
(short) 8);

//Get the leap year index starting from the (base Year + yrsCount) Year.
short leapYrIdx = getLeapYrIndex(from2020, yrsCount);

// if leap year index is 0, then the number of days for the 1st year will be 366 days.
// if leap year index is not 0, then the number of days for the 1st year will be 365 days.
if (((leapYrIdx == 0) &&
(unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) ||
((leapYrIdx != 0) &&
(unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) {
for (short i = 0; i < 4; i++) {
yrsCount++;
if (i == leapYrIdx) {
Util.arrayCopyNonAtomic(leapYearMsec, (short) 0, scratchPad,
(short) 8, (short) 8);
} else {
Util.arrayCopyNonAtomic(yearMsec, (short) 0, scratchPad, (short) 8,
(short) 8);
}
subtract(scratchPad, (short) 0, (short) 8, (short) 16);
Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0,
(short) 8);
if (((short) (i + 1) == leapYrIdx)) {
if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec,
(short) 0, (short) 8) < 0) {
break;
}
} else {
if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec,
(short) 0, (short) 8) < 0) {
break;
}
}
}
}

// total yrs from 1970
if (from2020)
yrsCount = (short) (2020 + yrsCount);
yrsCount = (short) (year2020 + yrsCount);
else
yrsCount = (short) (2051 + yrsCount);
yrsCount = (short) (year2051 + yrsCount);

// divide the given time with one month msec count
if (Util.arrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0,
if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0,
(short) 8) >= 0) {
Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) 8,
(short) 8);
monthCount = divide(scratchPad, (short) 0, (short) 8, (short) 16);
monthCount++;
Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0,
(short) 8);
for (short i = 0; i < 12; i++) {
if (i == 1) {
// Feb month
if (isLeapYear(yrsCount)) {
// Leap year 29 days
Util.arrayCopyNonAtomic(febMonthLeapMSec, (short) 0, scratchPad,
(short) 8, (short) 8);
} else {
// 28 days
Util.arrayCopyNonAtomic(febMonthMsec, (short) 0, scratchPad,
(short) 8, (short) 8);
}
} else if (((i <= 6) && ((i % 2 == 0))) || ((i > 6) && ((i % 2 == 1)))) {
Util.arrayCopyNonAtomic(ThirtyOneDaysMonthMsec, (short) 0,
scratchPad, (short) 8, (short) 8);
} else {
// 30 Days
Util.arrayCopyNonAtomic(ThirtDaysMonthMsec, (short) 0, scratchPad,
(short) 8, (short) 8);
}

if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8,
(short) 8) >= 0) {
subtract(scratchPad, (short) 0, (short) 8, (short) 16);
Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0,
(short) 8);
} else {
break;
}
monthCount++;
}
}

// divide the given time with one day msec count
if (Util.arrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0,
if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0,
(short) 8) >= 0) {
Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8,
(short) 8);
dayCount = divide(scratchPad, (short) 0, (short) 8, (short) 16);
dayCount++;
Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0,
(short) 8);
}

// divide the given time with one hour msec count
if (Util.arrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0,
if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0,
(short) 8) >= 0) {
Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8,
(short) 8);
Expand All @@ -128,7 +194,7 @@ public static short convertToDate(short time, byte[] scratchPad,
}

// divide the given time with one minute msec count
if (Util.arrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0,
if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0,
(short) 8) >= 0) {
Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8,
(short) 8);
Expand All @@ -138,7 +204,7 @@ public static short convertToDate(short time, byte[] scratchPad,
}

// divide the given time with one second msec count
if (Util.arrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0,
if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0,
(short) 8) >= 0) {
Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8,
(short) 8);
Expand All @@ -163,6 +229,25 @@ public static short convertToDate(short time, byte[] scratchPad,
return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY
}

public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) {
byte count = (byte) 0;
short val1 = (short)0;
short val2 = (short)0;

for (; count < length; count++) {
val1 = (short) (a1[(short) (count + offset1)] & 0x00FF);
val2 = (short) (a2[(short) (count + offset2)] & 0x00FF);

if (val1 < val2) {
return -1;
}
if (val1 > val2) {
return 1;
}
}
return 0;
}

public static short numberToString(short number, byte[] scratchPad,
short offset) {
byte zero = 0x30;
Expand Down Expand Up @@ -211,7 +296,7 @@ public static void copy(byte[] buf, short from, short to) {
}

public static byte compare(byte[] buf, short lhs, short rhs) {
return Util.arrayCompare(buf, lhs, buf, rhs, (short) 8);
return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8);
}

public static void shiftLeft(byte[] buf, short start) {
Expand Down Expand Up @@ -319,4 +404,25 @@ public static short countTemporalCount(byte[] bufTime, short timeOff,
return divide(scratchPad, (short) 0, (short) 8, (short) 16);
}

}
public static boolean isLeapYear(short year) {
if ((short)(year%4) == (short) 0) {
if (((short)(year % 100) == (short) 0) &&
((short) (year % 400)) != (short) 0) {
return false;
}
return true;
}
return false;
}

public static short getLeapYrIndex(boolean from2020, short yrsCount) {
short newBaseYr = (short) (from2020 ? (year2020 + yrsCount) : (year2051 + yrsCount));
for(short i = 0; i < 4; i++) {
if(isLeapYear((short)(newBaseYr + i))) {
return i;
}
}
return -1;
}

}
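Review bot: In `unsignedByteArrayCompare` the loop counter is declared `byte count` but compared with a `short length`, so for any length above 127 the counter wraps to -128 before the loop can end and the next index falls before the given offset. The 8-byte date comparisons in convertToDate and `compare` are unaffected, but the isValidData change later on this page passes `len == 256` for the RSA modulus check, where two buffers that agree on their first 128 bytes would reach the wrap instead of producing a comparison result. Declaring the counter as a short, `for (short i = 0; i < length; i++) {` with `a1[(short) (i + offset1)]`, removes the limit. A Javadoc line stating that bytes are compared as unsigned values and that the result is -1, 0 or 1 would also help, since the method replaces `Util.arrayCompare` at every call site.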
Expand Up @@ -71,7 +71,7 @@ public class KMJCardSimulator implements KMSEProvider {
public static final short MAX_RND_NUM_SIZE = 64;
public static final short ENTROPY_POOL_SIZE = 16; // simulator does not support 256 bit aes keys
public static final byte[] aesICV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
private static final short CERT_CHAIN_MAX_SIZE = 2050;//First 2 bytes for length.
private static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length.


public static boolean jcardSim = false;
Expand Down Expand Up @@ -1246,7 +1246,7 @@ public void persistPartialCertificateChain(byte[] buf, short offset,
// Next single byte holds the array header.
// Next 3 bytes holds the Byte array header with the cert1 length.
// Next 3 bytes holds the Byte array header with the cert2 length.
if (totalLen > CERT_CHAIN_MAX_SIZE) {
if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) {
KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
}
short persistedLen = Util.getShort(certificateChain, (short) 0);
Expand Up @@ -107,7 +107,7 @@ private boolean isValidData(byte[] buf, short start, short len) {
if (padding == KMType.PADDING_NONE) {
if (len > 256) return false;
else if (len == 256) {
short v = Util.arrayCompare(buf, start, rsaModulus, (short) 0, len);
short v = KMUtils.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len);
if (v > 0) return false;
}
} else {//pkcs1 no digest